This week we interview Mike Fiedler, the PyPI Safety & Security Engineer at the Python Software Foundation (PSF).
We discuss the importance of security within the Python ecosystem and offering practical advice for Python developers to enhance their security awareness.
Highlights include a deep dive into PyPI security measures, the challenges of securing the Python ecosystem, tips for Python developers, and Mike's journey to his current and previous (DevOps) roles, emphasizing the blend of technical skills and mindset needed to tackle security and solving challenges problems effectively.
Enjoy this episode with Mike Fiedler!
Chapters:
00:00 Show intro
01:20 Intro to audience and stateless testing win
08:24 Transition into PyPI security and current role
17:43 Challenging securing the Python ecosystem
24:48 Tips for Python devs to be more security aware
27:18 PDM ad segment
27:44 Security tips cont'd
33:16 Solving a puzzling problem in production (mindset)
39:40 Psychological safe workplaces / blame vs accountability
44:18 Security trends, how to prepare, and resources
48:05 Books and wrap up
---
Pybites ad segment: apply for Python coaching here.
---
Show links:
- pytest-randomly
- pytest-socket
- Brian Okken's pytest content
- PyPI blog
- Trusted Publishers
- 2FA Required for PyPI
- git annotate
- Asimov Robot series
- Silo
- CPython 3.12.2 is SBOM-ified
- Trail of Bits blog
- Fastly blog
- Disaster recovery for Consul clusters (now this exists!)
- Bandit
- Pre-commit
Reach out to Mike here.
