The following announcement was issued by the Open Source Security Foundation' (OpenSSF) Alpha-Omega project on November 15, 2023 at 9am ET. The Rust Foundation is cross-posting it on our blog for visibility within our immediate audience. Alpha-Omega's original announcement can be found here.
For more information about this program, you can find our original announcement here and a progress report from July 2023 here. Our team intends to issue a second Security Initiative report in Q1 of 2024.
The Rust Foundation is grateful to Alpha-Omega and OpenSSF for their generous, continued support of our Security Initiative.
"Alpha-Omega was established by OpenSSF in 2022 with a mission of improving open source software security and in doing so, bettering our society. Two years later, the impact of our work can be seen in the various programs and priorities we have helped fund.
2022 was also the first full year of operation for the Rust Foundation — an independent nonprofit dedicated to stewarding the Rust programming language and supporting its global community. Given the considerable growth and rising popularity of the Rust programming language in recent years, it has never been more critical to have a healthy and well-funded foundation in place to help ensure the safety and security of this important language. When the Rust Foundation emerged, OpenSSF recognized a shared vision of global open source security baked into their organizational priorities from day one.
These shared security values were the driving force behind Alpha-Omega’s decision to grant $460k USD to the Rust Foundation in 2022. This funding helped underwrite their Security Initiative — a program dedicated to improving the state of security within the Rust programming language ecosystem and sowing security best practices within the Rust community. The Security Initiative began in earnest this past January and has now been in operation for a full year with many achievements to note and exciting plans in development.
While security is a clear priority of the Rust language itself and can be seen in its memory safety-critical features, the Rust Project cannot reasonably be expected to foster long term, sustainable security without proper support and funding. Indeed, there is still a pervasive attitude across technology that cybersecurity is being managed and prioritized by “someone else.” The unfortunate impact of this attitude is that critical security work often falls on overburdened and under-resourced open source maintainers.
By prioritizing the Security Initiative during their first full year in operation, the Rust Foundation has taken on the responsibility of overseeing – and supporting – security improvements within the Rust ecosystem while ensuring meaningful progress.
Today, Alpha-Omega is excited to announce our second year of supporting the Rust Foundation Security Initiative.
We believe that this funding will build on the good work and momentum established by the Rust Foundation in 2023. Through this partnership, we are helping relieve maintainer burdens while paving an important path towards a healthier and more secure future within the Rust ecosystem."
- Source: Alpha-Omega blog