Lukas Pühringer is a security-focused software engineer based in Linz, Austria, with 13 years of hands-on experience building robust back-end systems. He specializes in supply chain security and has made notable open-source contributions to high-profile projects like in-toto and The Update Framework (TUF), improving signature parsing, metadata APIs, and key management. Lukas has a track record of replacing ad-hoc crypto code with established libraries (securesystemslib), fixing vulnerabilities, and tightening dependency and test configurations to raise project-wide security posture. Comfortable across implementation and design, he blends practical engineering with a deep appreciation for auditable, verifiable workflows. Colleagues rely on him for pragmatic security improvements that integrate cleanly into existing codebases rather than theoretical-only solutions.
in-toto is a framework to protect supply chain integrity.
Role in this project:
Back-end Developer & Security Engineer
Contributions:13 releases, 209 reviews, 1059 commits in 6 years 7 months
Contributions summary:Lukas contributed to the project by adding a new subdirectory common to toto and tuf, which houses the schema.py and other relevant files, potentially for shared functionality. The commits indicate a focus on security-related components and formats, as the user worked with data structures, and with gpg signing. Furthermore, the user implemented a function to parse a signature.
Python reference implementation of The Update Framework (TUF)
Role in this project:
Back-end & Security Engineer
Contributions:4 releases, 567 reviews, 527 commits in 6 years
Contributions summary:Lukas primarily contributed to enhancing the security of the TUF Python implementation. They refactored the `repository_lib` module to utilize `securesystemslib` for key generation and management, replacing custom implementations with calls to the more secure library. The user also fixed vulnerabilities, updated dependencies and test configurations (e.g., coverage paths, installing TUF in editable mode), and added the correct PGP fingerprint, which enhanced the security of the project. Furthermore, they have made enhancements to the metadata API in the project.
pythonsecuritycompromiserevocationupdate
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.