Please provide a title of the BoF? Towards Robust Security in Scientific Open Source Projects Please provide the abstract describing your BoF? In the open-source community, the security of software packages is a critical concern since it constitutes a significant portion of the global digital infrastructure. This BoF session will focus on the supply chain security of open-source software in scientific computing. We aim to bring together maintainers and contributors of scientific Python packages to discuss current security practices, identify common vulnerabilities, and explore tools and strategies to enhance the security of the ecosystem. Join us to share your experiences, challenges, and ideas on fortifying our open-source projects against potential threats and ensuring the integrity of scientific research. Please provide a principal contact (name and e-mail) for this BoF?

title: "SPEC 11 — Vulnerability disclosure number: 11 date: 2024-06-04 author: "Matthew Feickert matthew.feickert@cern.ch" "Pamphile Roy roy.pamphile@gmail.com" "Juanita Gomez juanitagomezr2112@gmail.com" "Seth Larson sethmichaellarson@gmail.com" "You? <>"

Date: June 14th 2024 - 11:00AM PT Guests: Emily Lovell and Heidi Ellis Topic: Education and mentoring in Open Source Agenda Introductions Every week we will say a short phrase about ourselves plus our name. Housekeeping announcements:

Date: June 14th 2024 - 11:00AM PT Guests: Emily Lovell and Heidi Ellis Topic: Education and mentoring in Open Source Agenda Introductions Every week we will say a short phrase about ourselves plus our name. Housekeeping announcements:

Date: May 10th 2024 - 11:00AM PT Guests: Paul Ivanov and Madicken Munk Topic: SciPy Conf through the years Themes: SciPy HistoryChange in audience + location over the years Topics (when were lightning talks introduced?)Already present in 2010 for sure what did scipy look like pre-github?

# Open Source Security When you get a PR a tool that gives information about contributors PR reviewing tools In addition to linting we use a trust model PR spam detector Generative AI

Date: May 10th 2024 - 11:00AM PT Guests: Paul Ivanov and Madicken Munk Topic: SciPy Conf through the years Agenda Introductions Every week we will say a short frase about ourselves plus our name. Housekeeping announcements:

October 6th 2023 Some potential tools Live Discord StreamYard Podcast managers

Friday, December 1 2023 15:30 - 16:00 UTC Attendees Megan Bruce Brian Dussault Evan Anderson Juanita Gomez Luke Hinds Seth Larson

Title: Enhancing Open Source Supply Chain Security through Automated and Verifiable Metrics Introduction: In an era dominated by open-source software development, the security of the software supply chain is paramount. The increasing complexity and interdependence of software components necessitate robust mechanisms for ensuring the integrity and security of the supply chain. This research proposal addresses the critical need for advancing Open Source Supply Chain Security through the creation and automation of metrics that are verifiable, meaningful, non-gameable, and attestationable. Research Goal: The primary objective of this PhD research project is to develop a comprehensive framework for establishing and automating metrics within the software supply chain, focusing on Software Bill of Materials (SBoMs). The goal is to create metrics that go beyond mere compliance, providing a foundation for innovative security enhancements. These metrics will be designed to be verifiable, ensuring their accuracy; meaningful, capturing relevant security aspects; non-gameable, resistant to manipulation; and attestationable, allowing for clear demonstration of adherence to security policies.

Location: University of California Santa Cruz, Engineering Building 2, Room 506 Date: September 28th from 2:50 PM – 4:15 PM PDT https://ucospo23.sched.com/event/1RHfi/track-2-panel-supply-chain-security-in-open-source Hosts: Alvaro Cárdenas and Juanita Gómez Panelists: Jay White Gary O'Neal

Technology is a great tool to make the world accessible to the full range of human experience, which includes those with disabilities. The reach of accessibility guidelines extends beyond the scientific Python ecosystem including the Web Content Accessibility Guidelines (W3C), a comprehensive set of international standards designed to make web content more accessible. The primary objective of this SPEC (Scientific Python Accessibility) is to provide fundamental recommendations for the Scientific Python communities and their projects. These recommendations aim to ensure accessibility and inclusivity for individuals with disabilities, particularly regarding web-based content and tools. As active members of the scientific Python and open-source software (OSS) communities, we are dedicated to leveraging technology to create an inclusive environment that embraces everyone. It is important to note that accessibility is an ongoing journey, and you need not be overwhelmed by the many recommendations outlined in the provided resources. Taking an incremental approach allows for continuous improvement, ensuring that each enhancement makes technology more accessible and user-friendly. Recommendations 1. Alt text

https://github.com/Quansight/scipy-2022-swag Astronomy Scientific Python libraries for analyzing celestial bodies. Astropy: Common core package for Astronomy in Python. GitHub: https://github.com/astropy/astropy Website: https://www.astropy.org Poliastro: Interactive Astrodynamics and Orbital Mechanics, with a focus on ease of use, speed, and quick visualization. GitHub: https://github.com/poliastro/poliastro

April 27th, 2023 --- 11AM - 12PM PST https://scientific-python.org/summits/sparse/meeting2/ Attendees juanitagomezr2112@gmail.com jim22k@gmail.com dschult@colgate.edu einstein.edison@gmail.com (Hameer Abbasi) nabdennur@gmail.com