Due to Python 2.x coming to its EoL on January 1st, 2019 there will be no further security updates or bug fixes. Because of this, it is suggested that users move their code to Python 3.x due to the risks associated with applications operating on Python 2–since none of the issues within it will be fixed. Breaches and other security incidents have been caused over the years by companies simply running unsupported software applications. Popular applications that run on Python 2.x and could be targeted by attackers include NumPy, Requests, and Tensorflow amongst many others. “If you’re still using 2.x, it’s time to port your code to Python 3.x. If you maintain a library that other developers depend on, you may be preventing them from updating to 3,” the agency said. “By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others,” stated the NCSC.
As previously stated, users should consider moving to Python 3.0 or higher. A blog was published by the NCSC that documents tools and git repository links that can help developers shift their code. If upgrading isn’t an option, it is possible to hire a commercial company in order to support Python 2.