Date: 2022-09-14

The Rust Foundation, the nonprofit organization that supports the improvement and development of the Rust programming language, has formed a team dedicated to assessing and advancing the language's security. Over the past few years Rust has become a language much loved by developers and a strong candidate to replace Go or C++ (although it now has competition from Carbon).

Now the objective is to reinforce its security. Although there has sometimes been a perception that because Rust guarantees memory safety (which has made it very popular and appreciated by Google for Android), the language is 100% safe, Rust can be vulnerable like any other language, said Bec Rumbul, executive director of the foundation, just yesterday.

For this mission, the Rust security team is supported by the OpenSSF Alpha-Omega initiative, a Linux Foundation project focused on enterprise security and the open source software supply chain, and by development platform provider JFrog. The goal is to focus on the entire Rust environment, including Rust's Cargo package manager and the Crates.io registry.

OpenSSF's Alpha-Omega initiative and JFrog are providing staff and resources dedicated to applying security best practices to Rust. They are first considering an audit to identify how security can be maintained economically in the future.

The OpenSSF Alpha-Omega initiative is funded by Google and Microsoft, with a mission to improve the security of open source software projects. Google is interested in investing in this because it adopted the language to improve security in Android development. Last year, the Mountain View company explained that:

Rust provides memory security guarantees using a combination of compile-time checks to enforce the lifetime/ownership of objects and run-time checks to ensure memory accesses are valid. This security is achieved by providing performance equivalent to that of C and C++.

So the Linux Foundation is interested in this. Recall that OpenSSF suggested in its 10 Point Open Source Security Mobilization Plan, published earlier this year, that the industry work to eliminate the root causes of many vulnerabilities by replacing non-memory-safe languages with Rust and Go.