Pybites Podcast

#153 - Elevating Python Security: A Conversation with PyPI's Safety & Security Engineer Mike Fiedler

Mar 1, 2024

In this podcast, the PyPI Safety & Security Engineer discusses enhancing security for Python developers, challenges in securing Python packages, tips for developers to improve security awareness, the importance of security testing, and preparing for future security trends. The conversation includes embracing failure to grow, exploring security tools and practices, and recommendations for staying updated on Python security measures.

51:44

Episode guests

Mike Fiedler

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Trusted publishing and SBOM enhance Python security transparency and accountability.

Engage in science fiction for creative inspiration and futuristic concepts.

Nurturing workplace accountability over blame fosters resilience and professional growth.

Deep dives

Trust in Future of Python Security and Advancements

Trusted publishing and software bills of material (SBOM) are predicted to gain more traction in Python security, enhancing transparency and accountability. Embracing automation for SBOM creation will aid in understanding software stack components and licenses. Seth Larson's blog offers in-depth insights into SBOM topics, recommended for further exploration. Keeping abreast of Python-related developments through resources like the PyBites and Block.pypi.org and engaging with Python podcasts like Talk Python and Real Python remains crucial.

Introduction

3min

The Importance of Testing and Security in Python Projects

22min

Enhancing Security Practices for Python Developers through Dependency Management and Static Analysis Tools

4min

Enhancing Security Measures in Development Pipeline

4min

Embracing Failure and Learning from Mistakes

11min

Python Security Future Trends and Recommendations

5min

Exploring Isaac Asimov's Futuristic Murder Mysteries with Robots

3min

This week we interview Mike Fiedler, the PyPI Safety & Security Engineer at the Python Software Foundation (PSF).

We discuss the importance of security within the Python ecosystem and offering practical advice for Python developers to enhance their security awareness.

Highlights include a deep dive into PyPI security measures, the challenges of securing the Python ecosystem, tips for Python developers, and Mike's journey to his current and previous (DevOps) roles, emphasizing the blend of technical skills and mindset needed to tackle security and solving challenges problems effectively.

Enjoy this episode with Mike Fiedler!

Chapters:
00:00 Show intro
01:20 Intro to audience and stateless testing win
08:24 Transition into PyPI security and current role
17:43 Challenging securing the Python ecosystem
24:48 Tips for Python devs to be more security aware
27:18 PDM ad segment
27:44 Security tips cont'd
33:16 Solving a puzzling problem in production (mindset)
39:40 Psychological safe workplaces / blame vs accountability
44:18 Security trends, how to prepare, and resources
48:05 Books and wrap up

---
Pybites ad segment: apply for Python coaching here.
---

Show links:
- pytest-randomly
- pytest-socket
- Brian Okken's pytest content
- PyPI blog
- Trusted Publishers
- 2FA Required for PyPI
- git annotate
- Asimov Robot series
- Silo
- CPython 3.12.2 is SBOM-ified
- Trail of Bits blog
- Fastly blog
- Disaster recovery for Consul clusters (now this exists!)
- Bandit
- Pre-commit

Reach out to Mike here.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Pybites Podcast

#153 - Elevating Python Security: A Conversation with PyPI's Safety & Security Engineer Mike Fiedler

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Trust in Future of Python Security and Advancements

Exploring Science Fiction Series Recommendations

Embracing Accountable Programming Practices

Cultivating Psychological Safety at Work

Incorporating Automation for Enhanced Security

Remember Everything You Learn from Podcasts