The Rust Foundation, the nonprofit organization dedicated to supporting and sustaining the Rust programming language, is establishing a dedicated security team. The team is being underwritten with generous support from the OpenSSF’s Alpha-Omega Initiative, which partners with open source software projects and maintainers to improve global software supply chain security, and from JFrog, the Rust Foundation’s newest Platinum member.
These investments from Alpha-Omega and JFrog include dedicated staff resources that will enable the Rust Foundation to create and implement security best practices.
The first initiative for the new Security Team will be to undertake a security audit and threat modeling exercises to identify how security can be economically maintained going forward. The team will also help advocate for security practices across the Rust landscape, including Cargo and Crates.io, and will be a resource for the maintainer community.
In its 10-Point Open Source Security Mobilization Plan, released earlier this year, the OpenSSF suggested that the industry work to eliminate the root causes of many vulnerabilities by replacing non-memory-safe languages with memory-safe languages like Rust and Go. As a result, the OpenSSF’s Alpha-Omega Initiative has made a grant to the Rust Foundation to support a dedicated security engineer.
JFrog last week announced it is joining the Rust Foundation at the Platinum level. As part of the company’s investment in the Rust Foundation and ecosystem, JFrog has committed members of its Security Research team to work on the Rust Foundation Security Team.