Google funds Python projects aimed at supply-chain security

Python Software Foundation, the non-profit organization supporting the Python programming language, has received a $350,000 donation from Google to support some of its projects aimed at enhancing the Python ecosystem’s supply-chain security, reports ZDnet. Google’s support targets three areas: malware detection for Python Package Index, hiring a Core Python developer-in-residence this year and improvements to core Python tools and services. The funds will be used for “critical supply-chain security improvements, including developing productized malware detection for PyPI, a prototype of dynamic analysis infrastructure for distributions, and other foundational tool improvements,” PSF stated. The foundation is also set to receive the Google Cloud infrastructure to support its operations. “Google Cloud has given us access to crucial peering agreements via Cloud Storage that allow us to cost effectively serve PyPI downloads while being good stewards of the limited resources we have from other infrastructure providers. Publishing PyPI's analytics as a public dataset on BigQuery has reduced the burden of supporting and managing access to information that has proven critical to maintainers of libraries as well as the team that keeps PyPI online,” said Ee Durbin, PSF’s director of infrastructure.