Python Software Foundation, the non-profit organization supporting the Python programming language, has received a $350,000 donation from Google to support some of its projects aimed at enhancing the Python ecosystem’s supply-chain security, reports ZDnet.
Google’s support targets three areas: malware detection for Python Package Index, hiring a Core Python developer-in-residence this year and improvements to core Python tools and services. The funds will be used for “critical supply-chain security improvements, including developing productized malware detection for PyPI, a prototype of dynamic analysis infrastructure for distributions, and other foundational tool improvements,” PSF stated.
The foundation is also set to receive the Google Cloud infrastructure to support its operations.
“Google Cloud has given us access to crucial peering agreements via Cloud Storage that allow us to cost effectively serve PyPI downloads while being good stewards of the limited resources we have from other infrastructure providers. Publishing PyPI's analytics as a public dataset on BigQuery has reduced the burden of supporting and managing access to information that has proven critical to maintainers of libraries as well as the team that keeps PyPI online,” said Ee Durbin, PSF’s director of infrastructure.
Google funds Python projects aimed at supply-chain security
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Founded by the team behind CloudEndure, which was acquired by Amazon, Eon aims to solve the complexities of cloud infrastructure backup that legacy solutions struggle to address.
The system, which is also available for AWS, utilizes agentless deployment to monitor cloud assets, users, and containers using what the company calls "self-learning AI."
Utilizing a large language model interface, the tool translates complex cybersecurity issues into user-friendly, natural language conversations for both technical and nontechnical users, enabling teams to identify vulnerabilities and proactively address them, even without possessing extensive training or expertise.