The Rust Foundation, the nonprofit organization for the Rust programming language, today announced that it will be establishing a dedicated security team, underwritten by the OpenSSF’s Alpha-Omega Initiative as well as the foundation’s newest platinum member, JFrog.
“There’s often a misperception that because Rust ensures memory safety that it’s one hundred percent secure, but Rust can be vulnerable just like any other language and warrants proactive measures to protect and sustain it and the community,” said Bec Rumbul, executive director at the Rust Foundation. “With the establishment of the Rust Foundation Security Team, we will be able to support the broader Rust community with the highest-level of security talent and help ensure the reliability of Rust for everyone. Of course, this is just a start. We hope to continue to build out the team in the coming months and years.”
According to the Rust Foundation, the investments from Alpha-Omega and JFrog include staff resources that allow the foundation to implement best security practices.
The new security team will work to undertake a security audit and threat modeling exercises in order to identify how to economically maintain security going forward. The team will also advocate for security practices spanning the Rust landscape, including Cargo and Crates.io.
“The Rust Foundation provides the forum for collaboration among all Rust stakeholders and is the natural home for a dedicated security team,” said Stephen Chin, VP of developer relations at JFrog. “We believe it’s the responsibility of all of us who use Rust to contribute resources for the greater good of the community, and providing world class researchers from the JFrog Security team is one of the ways we are supporting the Rust ecosystem.”
For more information, visit the website.