New Rust Foundation Report Details Security Initiative Progress

The Rust Foundation’s Security Initiative was created in 2022 to support security improvements to the Rust programming language ecosystem. In a new report, the Foundation details recent Rust security focus areas, milestones, and upcoming plans. 

The Rust Foundation, an independent non-profit dedicated to stewarding the Rust programming language, today released a new report detailing the recent accomplishments of their Security Initiative – an effort to advance the state of security within the Rust programming language ecosystem. 

In recent years, the global adoption and popularity of the Rust programming language have grown at a rapid rate. But as software engineers, business leaders, and global governments become more aware of the many advantages of Rust, the need for more scalable security systems and safeguards against bad actors has become more urgent. 

The Rust Foundation announced its Security Initiative in September 2022 with a mission to support and advance the state of security within the Rust programming language ecosystem. Inaugural support from OpenSSF’s Alpha-Omega project and Rust Foundation Platinum Member AWS allowed the Foundation to build out its Technology Team (led by Rust Foundation Director of Technology, Joel Marcey) in Q1 of 2023 with dedicated security and software engineering expertise. Additional in-kind support from Rust Foundation Platinum Member JFrog and Google and infrastructure support from Wiz provided the Security Initiative with the necessary resources to carry out impactful security work.

The Rust Foundation Security Initiative works in close collaboration with Rust Project leaders within specific teams and working groups. This collaboration has resulted in impactful achievements between December 2022 and September 2022, including: 

  • Considerable progress on a complete security audit of the Rust ecosystem
  • Completion of several threat models, enabling the Rust Foundation and Rust Project to better understand the risks identified by the security audit
  • Development of several new tools to enhance Rust maintainers’ security workflows and unlock greater insight into vulnerabilities, including Painter
  • crates.io technical debt reduction & API token improvements

The Rust Foundation invites you to download its first Security Initiative Report to learn more about the focus areas and achievements of this effort to date. 

Download the Security Initiative Report

Rust Foundation Executive Director & CEO Rebecca Rumbul said the following about the Security Initiative and the new report:

“I am pleased to share the Rust Foundation’s first Security Initiative Report, detailing the impressive accomplishments of the program between December 2022 and July 2023. The collaboration between our Technology Team and the Rust Project Teams and Working Groups has resulted in many new developments that will contribute to a more safe and secure Rust language and ecosystem. 

At the Rust Foundation, we are committed to investing responsibly in Rust for the common good. Better security auditing, automation, and tooling means that both seasoned Rust users and new Rust adopters can have confidence that their Rust code is as safe and secure as it can be. At scale, this means better software for everyone.

The Rust Foundation team looks forward to leading this ongoing effort and sharing detailed updates on the Security Initiative in the future.”

Further reflections on the need for Rust security support from Rebecca can be found in the report.

The Rust Foundation’s Security Initiative is made stronger and more sustainable through diverse corporate sponsorship, and the Foundation is actively seeking contributions from corporations to enable us to continue this vital work into 2024. Please contact the Rust Foundation to learn how to support the Security Initiative at contact@rustfoundation.org.

For more about the Rust Foundation and to stay up to date on our latest activities, visit our website and follow us on Twitter and LinkedIn.

About the Rust Foundation

The Rust Foundation is an independent non-profit organization dedicated to stewarding the Rust programming language, nurturing the Rust ecosystem, and supporting the set of maintainers governing and developing the project. Learn more at rustfoundation.org.