Nearly five months after the Python Software Foundation finally ended support for the Python 2 programming language, many developers are continuing to use it, heightening security risks for their organizations in the process.
Support for Python 2 ended Jan. 1, 2020. The Python Software Foundation has stopped making any improvement updates or security fixes for it and has urged everyone using Python 2 to move to Python 3.
The decision means that organizations using Python 2 will most likely be on their own if any major security issues — new and legacy — were to suddenly crop up in the software. Security issues that are discovered in Python 3 will not be checked against Python 2, leaving organizations vulnerable to potential attacks.
"If people find catastrophic security problems in Python 2 or in software written in Python 2, then most volunteers will not help fix them," the Python Software Foundation had bluntly noted in its Python 2 end-of-life announcement.
Python 2.0 was released in 2000 and continues to be a popular programming language among developers. Though its use has been declining in recent years, a relatively high percentage of Python apps in enterprises are based on Python 2.
In fact, as recently as June 2019 — and long after the Python Software Foundation had announced Python 2's end of life — the most popular Python packages being downloaded from the Python Package Index were still Python 2 versions.
"Even if only a portion of these downloads are being used in live projects, the Python 2 EOL could potentially affect the security of millions of systems," the UK's National Cyber Security Institute had