Python programming language: Google funds projects focused on supply chain security

Python is critical to Google Cloud, and therefore to Google Cloud users, and is also used internally by the search giant to power many of its core products and services.

Now Google is making a $350,000 grant to support Python Software Foundation (PSF) projects that aim to improve supply chain security in the Python ecosystem.

The PSF is the non-profit organization that supports the language, which is now more popular than Java according to some popularity rankings.


Python is big among data scientists thanks to libraries like NumPy, but it is less widely used for mobile apps and web front-end development, where JavaScript and TypeScript dominate.

Google’s additional support for the PSF targets three areas, including disrupting malware distribution through the Python Package Index (PyPI), the official repository of third-party Python packages.

Support covers malware detection for PyPI, improvements to Python’s core tools and services, and funding for a CPython Developer-in-Residence role for 2021.

The role is full time and is intended to help the CPython project prioritize maintenance work and clear its backlog of open issues.

The Python Steering Council and the Python Software Foundation will work together to hire a developer to help CPython prioritize tasks and understand how the backlog can be resolved.

The developer will also survey the maintainers to build a clearer picture of CPython’s needs, which will be used to ensure that future funding and volunteer hours are allocated effectively.

As the PSF explains, Google’s extra sponsorship funds will be used to address “critical supply chain security improvements, including the development of productized malware detection for PyPI, a dynamic analysis infrastructure prototype for distributions, and other foundational tool improvements.”

Attacks on the software distribution supply chain came into sharp focus after enterprise software maker SolarWinds was breached by alleged Russian intruders. The attackers trojanized updates to its Orion infrastructure monitoring software to plant a backdoor in organizations of interest.

Malicious Python packages have also been used to distribute malware targeting the financial sector.

Google has sponsored the PSF since 2010 and now becomes the first “visionary sponsor” of the open source language. Python was created in 1989 by Guido van Rossum, who came out of retirement last year to join Microsoft’s expanding open source teams. Previously, he led Python efforts at Dropbox.

Van Rossum stepped down as Python’s Benevolent Dictator for Life (BDFL) in 2018. Other key Python sponsors include Salesforce, Fastly, Bloomberg and Microsoft Azure.


Google is also donating Google Cloud infrastructure to the PSF to support PSF operations such as the Python Package Index.

“Google Cloud has given us access to essential peering agreements through Cloud Storage that allow us to serve PyPI downloads economically, while making good use of the limited resources of other infrastructure providers,” said Ee Durbin, director of infrastructure at the Python Software Foundation.

“Publishing PyPI analytics as a public dataset on BigQuery has reduced the burden of supporting and managing access to information that has proven essential for library maintainers as well as for the team that keeps PyPI online,” Durbin added.
