SOSS Community Day Europe 2024

Python is an incredibly popular programming language and the language of choice for countless open source projects, ranging from hobbyist projects, via entire cloud virtualization frameworks (e.g. OpenStack), to being a key enabler for a large portion of AI and ML tooling (e.g. PyTorch). Helping these Python developers to securely master their programming challenges has a concrete benefit to the security of this vibrant open source ecosystem. The OpenSSF Best Practices Working Group has recently adopted a new initiative which aims to create a Secure Coding Guide for Python. Structured around Mitre's CWE framework, the guide provides tangible advice for a wide range of programming challenges, including executable code examples. These code snippets aim to allow developers to build a better understanding by enabling experimentation with concrete implementations while also constituting a proving ground for tool-based detection of weaknesses and vulnerabilities. In this brief presentation, Georg and Helge will provide an overview of the guide, its current state and its roadmap. We explicitly aim to solicit feedback from the Python community to further improve the guide.