Rust Foundation raises $460,000 and creates security team

The Open Source Security Foundation (OpenSSF) is funding the Rust Foundation with $460,000. The money is provided as part of the Alpha-Omega project and goes toward security measures relating to the Rust programming language. The foundation is using the money, together with the support of its recent member JFrog, to set up a dedicated security team.

The Rust Foundation, founded in 2020, looks after the further development and the ecosystem of the programming language. The newly formed team is responsible for security aspects related to Rust. The language is considered to be more secure than alternatives such as C or C++, mainly because of its memory-safety concepts, but in many areas it is just as vulnerable as other programming languages. Among other things, its methods for securing the software supply chain are less consistent than those of Go.

As a first step, the new team is to carry out a security audit and perform threat modeling to determine where security can be improved most economically. It is also to look after security practices across the entire Rust landscape, including the package manager Cargo and Crates.io.

When it comes to methods for securing the software supply chain, JFrog's expertise is particularly called for: the company, which specializes in the software supply chain, has been a platinum member of the Rust Foundation since the beginning of September. Parts of JFrog's security research team will work in the foundation's newly formed security team.

The Linux Foundation created the OpenSSF in 2020 to improve the security of open source software. In February 2022, representatives of technology companies, US authorities and non-profit organizations met in the White House with the same goal. This ultimately resulted in the Alpha-Omega project, which primarily focuses on the security of the software supply chain.

The JavaScript runtime environment Node.js received the first grant under the Alpha-Omega initiative. In June 2022, two other large open source foundations followed, the Python Software Foundation (PSF) and the Eclipse Foundation.

On November 9th, heise Developer and dpunkt.verlag are hosting betterCode Rust. The second edition of the online conference is dedicated to the practical use of the language and aims to clear the first hurdles when getting started with Rust, so that developers can work productively.

Rust is also a topic at the heise devSec conference on secure software development, organized by heise Developer, heise Security and dpunkt.verlag and taking place in Karlsruhe at the beginning of October. There, one talk is dedicated to the programming language directly, while two other talks compare the language features and ecosystems of Rust and other programming languages.

More details about the formation of the security team can be found on the Rust Foundation blog. Additional information on the new and existing Open Source Security Foundation grants can be found on the OpenSSF blog.

(rm)
