Last year the Python Software Foundation was announced as a CVE Numbering Authority (CNA) to manage and assign CVE IDs for CPython and pip. Becoming a CVE Numbering Authority allows the PSF to provide expertise about Python in the CVE ecosystem, ensuring that users have accurate and up-to-date information about vulnerabilities affecting key projects.
This work is being done to determine how the PSF can better serve Python’s large ecosystem of projects in the context of the CVE ecosystem. The PSF previously published a guide on how open source projects can become their own CVE Numbering Authorities. You can learn more about the CVE CNA program on the CVE website.
Pallets is a fiscal sponsoree of the Python Software Foundation. Fiscal sponsorship is a key plank of the PSF’s mission in supporting the Python community. The PSF supports 20 fiscal sponsorees including regional PyCons, Python Meetup and User Groups, and Python projects. Learn more about our Fiscal Sponsorees on our website and consider supporting the groups with a US tax-deductible donation.