Do you program in Rust? Me neither. I had barely heard of it. I received this news. Valuable if you use Rust. Interesting for any other language to think about security within a language.
The Rust Foundation, the nonprofit organization dedicated to supporting and sustaining the Rust programming language, announced Sept. 13, 2022 it is establishing a dedicated security team. The team is being underwritten with generous support from the OpenSSF’s Alpha-Omega Initiative, which partners with open source software projects and maintainers to improve the global software supply chain security, and Rust Foundation’s newest Platinum member JFrog.
These investments from Alpha-Omega and JFrog include dedicated staff resources that will enable the Rust Foundation to create and implement security best practices. The first initiative for the new Security Team will be to undertake a security audit and threat modeling exercises to identify how security can be economically maintained going forward. The team will also help advocate for security practices across the Rust landscape, including Cargo and Crates.io, and will be a resource for the maintainer community.
JFrog just last week announced it is joining the Rust Foundation at the Platinum level. As part of the company’s investment in the Rust Foundation and ecosystem, JFrog has committed members of its Security Research team to work on the Rust Foundation Security Team. JFrog joins AWS, Google, Huawei, Meta, Microsoft, and Mozilla at the Platinum level.