Lessons Learned Reporting Vulnerabilities in the Python Ecosystem
You've surely received that notification telling you to update a dependency because of a security flaw. But have you wondered what happens between the moment someone discovers that vulnerability and the moment the patch reaches your project? In this talk I'll share my experience reporting vulnerabilities in the Python ecosystem. We'll explore what happens behind the scenes: from the technical finding and the reporting process to collaboration with maintainers and publication of the patch. We'll address not only the technical aspects but also the human factor, since both are crucial for resolving a vulnerability effectively. We'll also look at the challenges maintainers and the community face, especially in this new era of open source software security, where artificial intelligence plays an increasingly relevant role.
Want to know more?
Join the PyCon Colombia newsletter for a complete overview of our events, speakers and community participation.