Python 2's end-of-life date is 129 days away, after which it will never see another bug fix. The NCSC has warned that developers who continue to use unsupported modules are risking the security of their organisations and data, because vulnerabilities that nobody is fixing will sooner or later appear.
"If you maintain a library that other developers depend on, you may be preventing them from updating to 3", the agency added. "By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others... If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you." The agency warns that companies who don't invest in migrating their Python 2.x code might end up in the same position as Equifax or the WannaCry victims.
"At the NCSC we are always stressing the importance of patching. It's not always easy, but patching is one of the most fundamental things you can do to secure your technology," the agency said. "The WannaCry ransomware provides a classic example of what can happen if you run unsupported software By making the decision to continue using Python 2 past its end of life, you are accepting all the risks that come with using unsupported software, while knowing that a secure version is available."