Coursera Plus Annual is 40% Off — Ends July 6.

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Securing Packages in npm, Homebrew, PyPI, Maven Central, and RubyGems

USENIX via YouTube

Start learning Write review
Simplilearn Ad

Pass the PMP® Exam on Your First Try — Expert-Led Training

Learn More → CodeSignal Ad

Learn the Skills Netflix, Meta, and Capital One Actually Hire For

Learn More →

Overview

AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Learn how modern package ecosystems are transitioning from traditional PGP signatures to build attestations for enhanced security in this conference talk from USENIX Security '25. Explore the challenges of software signing including securing private keys, distributing public keys, and rotating key material across major package repositories like npm, Homebrew, PyPI, Maven Central, and RubyGems. Discover how build attestations provide not only package integrity verification but also create non-falsifiable links to specific source code revisions, build instructions, and build logs. Examine a real-world case study of how these attestations helped respond to the Ultralytics package compromise on PyPI in December 2024. Gain practical knowledge on accessing this new security information and implementing build attestations in your own open source packages through detailed walkthroughs and demonstrations.

Syllabus

USENIX Security '25 (Enigma Track) - Securing Packages in npm, Homebrew, PyPI, Maven Central, and...

Taught by

USENIX

Reviews

Start your review of Securing Packages in npm, Homebrew, PyPI, Maven Central, and RubyGems

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.