First, thank you to Alpha-Omega for supporting the Rust Foundation.
The purpose of the Rust Foundation’s engagement with Alpha-Omega is to provide security resources to the Rust Project and ecosystem via the Foundation’s security initiative.
The Rust Foundation’s Security Initiative is a larger program funded and resourced by Alpha-Omega, JFrog and other partners. Using the Open Source Software Security Mobilization Plan as one piece of guidance, the work will focus on key security areas, including:
- Hiring a dedicated security engineer to support the initiative
- A security audit and threat modeling exercises to identify how security can be economically maintained going forward.
- Advocating for security practices across the Rust landscape, including Cargo and Crates.io.
- Development of tools and features based on security research recommendations.
- Development of documentation to demystify security practices and encourage best practice in the Rust ecosystem.
- Development of a security toolkit that can be accessed and used universally.
- Making a steady stream of Rust ecosystem fixes that were directly identified through security research, including the use of developed tools and toolkits.
- Participation in drafting a proposal to define a mechanism for certifying Rust code (e.g., crates) as officially audited for security vulnerabilities.
- Mentoring and developing a number of security-focused Community Grant Program recipients into active, high-capacity security maintainers.
This engagement started in September 2022 and is expected to continue through at least all of 2023.
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- Joel Marcey - Director of Technology, Rust Foundation
- Walter Pearce - Security Engineer, Rust Foundation
- Adam Harvey - Software Engineer, Rust Foundation
- Tobias Bieniek - Software Engineer, Rust Foundation
- Jan David Nose - Infrastructure Engineer, Rust Foundation
- OSSF Announcement
- Rust Foundation Security Initiative Announcement
- Initial Press Release
- Announcing Security Engineer
- Announcing Software Engineer
- Rewarding Resilience: Rust & the U.S. National Cybersecurity Strategy
- Rust added to NIST list of safer languages
- Rust Foundation Security Initiative public report - July 2023
- Rust Foundation an Associate Member of OSSF