--[ WARNING - Python Can Be Poisonous: The Security of Python Packages

$ getent passwd jmeyers
├── name: John Speed Meyers
└── org: IQT Labs

Security engineer and researcher at IQT Labs, In-Q-Tel. PhD. Has presented at the NSA Science of Security Conference.


Python has become near and dear to hackers and programmers. Its huge open-source package index, the Python Package Index (PyPI), is a key reason for its popularity. Unfortunately, attackers are abusing the openness of PyPI to insert malicious packages and code into the Python ecosystem. Our research documents this trend, explains the different types of attacks, and presents tools and approaches for avoiding malicious Python packages.