Rust Foundation Establishes Security Team
Written by Alex Denham   
Monday, 19 September 2022

The Rust Foundation, the nonprofit organization dedicated to supporting and sustaining the Rust programming language, has announced it is establishing a dedicated security team.

The new team is being underwritten with support from the OpenSSF's Alpha-Omega Initiative, which partners with open source software projects and maintainers to improve the global software supply chain security, and Rust Foundation's newest Platinum member JFrog.

rustlogo2

Explaining the need for the new team, Bec Rumbul, Executive Director at the Rust Foundation, said that because Rust ensures memory safety there's often a misconception that it's completely secure, but that Rust can be vulnerable just like any other language and it warrants proactive measures to protect and sustain it and the community.

The support from Alpha-Omega and JFrog include dedicated staff resources that the Rust Foundation will use to create and implement security best practices. Rumbul said that the first initiative for the new Security Team will be to undertake a security audit and threat modeling exercises to identify "how security can be economically maintained going forward".

The team will look beyond the central Rust language to the wider ecosystem, including Cargo and Crates.io, and will be a resource for the maintainer community.

Part of the ten point plan for open source security created earlier in the year by the Open Source Software Foundation was the recommendation that changing to use memory-safe languages such as Rust and Go would eliminate the root causes of many vulnerabilities. As part of this initiative, the OpenSSF's Alpha-Omega Initiative has made a grant to the Rust Foundation to support a dedicated security engineer. Alpha-Omega is funded by Google and Microsoft with a mission of direct engagement to improve the security of OSS projects.

rustlogo

More Information

Alpha-Omega Project

Rust Foundation Website

Related Articles

New Initiative For Taking Open Source Software Security Seriously 

Facebook Open Source Joins Rust Foundation

Rust Team Announces Rust Foundation

European Union Will Pay For Finding Bugs In Open Source Software

Amazon AWS Invests In Rust

Google Supports Rust For Android OS Development

Microsoft Offers Rust For Windows

$1 Million SOS Rewards Pilot Program

Taking Open Source Criticality Seriously

Open Source Insights Into The Software Supply Chain

The State Of Secure Software Development - Three OpenSSF Courses


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

Data Wrangler Gets Copilot Integration
11/11/2024

Microsoft has announced that Copilot is being integrated into Data Wrangler. The move will give data scientists the ability to use natural language to clean and transform data, and to get help with fi [ ... ]


+ Full Story
C23 ISO Standard Is Here But You Probably Won't Read It
06/11/2024

At last ISO C23 has been published, but at $250 you probably aren't going to read it. Can we really tolerate this sort of profiteering on the work of others? This is worse than academic publishing!


+ Full Story
More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Monday, 19 September 2022 )