Rust Secure Code Working Group
This repository is the central issue tracker used by the Secure Code WG to coordinate efforts towards promoting secure code development in Rust.
Our mission is to make it easy to write secure code in Rust.
We have the following goals for the Rust language and ecosystem:
- Most tasks shouldn't require dangerous features such as
unsafe. This includes FFI.
- Mistakes in security code should be easily caught by machines or, failing that, humans aided by machines.
- It should be clear to programmers how to perform security-sensitive tasks.
- Security-critical code which is relied on by Rust programmers should be bug free.
- cargo-audit: Audit Rust projects for vulnerable dependencies sourced from the RustSec Advisory Database.
- cargo-geiger: Gather statistics on usage of unsafe code in a Rust crate and all its dependencies.
- cargo-supply-chain: Gather author, contributor and publisher data on crates in your dependency graph.
- safety-dance: Auditing crates for unsafe code which can be safely replaced.
- We also maintain a list of security-related projects.