#privacy: Python 2 users could be open to incident of WannaCry proportions

Python 2

The UK’s National Cyber Security Centre (NCSC) is warning companies that continue to use Python 2 that the ageing software could lead to another security breach similar in scale to the WannaCry or Equifax catastrophes.

As Python 2.x comes towards its end-of-life on January 1st 2020, its users are being urged to shift to the 3.x version without delay, with the NCSC highlighting that those who fail to do so risk hitting security failures and possible code breakdown.

The NCSC stated:

“If you’re still using 2.x, it’s time to port your code to Python 3. If you continue to use unsupported modules, you are risking the security of your organisation and data, as vulnerabilities will sooner or later appear which nobody is fixing.”

“If you maintain a library that other developers depend on, you may be preventing them from updating to 3. By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others.”

In an official blog post, developers are thus being encouraged to migrate their code to the latest Python iteration. The NCSC post summarises the plus-points that Python 3 boasts, and lists tools that can help developers make the jump.

“If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you,” the NCSC said, before detailing that security incidents are to be expected for those who do not take appropriate action.

The agency warns that inactivity could lead to companies drifting into another WannaCry or Equifax incident.

“At the NCSC we are always stressing the importance of patching. It’s not always easy, but patching is one of the most fundamental things you can do to secure your technology,” the agency said.

“The WannaCry ransomware provides a classic example of what can happen if you run unsupported software.

“By making the decision to continue using Python 2 past its end of life, you are accepting all the risks that come with using unsupported software, while knowing that a secure version is available,” the agency continued.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/