Publications
Shipping post-quantum cryptography to Python
We added post-quantum cryptography support to
pyca/cryptography, the eleventh most-downloaded Python package on PyPI, putting quantum-resistant ML-KEM and ML-DSA algorithms one pip install away for the entire Python ecosystem.Bringing full YAML anchor support to zizmor
We improved YAML anchor support in zizmor and tested it against 41,253 real-world GitHub Actions workflows from high-value open-source projects.
Making PyPI's test suite 81% faster
See how we slashed PyPI’s test suite runtime from 163 to 30 seconds.
The techniques we share can help you dramatically improve your own project’s
testing performance without sacrificing coverage.
Don’t recurse on untrusted input
We developed a simple CodeQL query to find denial-of-service (DoS) vulnerabilities in several high-profile Java projects.
