OpenSSF Alpha-Omega Funding and JFrog’s Commitment of Time to Security Research Creates a Dedicated Foundation Team
DUBLIN, September 13, 2022 /PRNewswire/ — The Rust Foundation, the nonprofit organization dedicated to supporting and maintaining the Rust programming language, today announced the creation of a dedicated security team. The team is underwritten with the generous support of the OpenSSF Alpha-Omega Initiative, which partners with open source software projects and maintainers to improve global software supply chain security, and the Rust Foundation’s newest Platinum Member, JFrog.
“There is often a misperception that because Rust provides memory security, it is one hundred percent secure, but Rust can be vulnerable like any other language and warrants proactive measures to protect it and maintain it and the community,” said Bec Rumbul, executive director of the Rust Foundation. “With the creation of the Rust Foundation Security Team, we will be able to support the wider Rust community with the highest level of security talent and help ensure the reliability of Rust for everyone. the world. Of course, this is just the beginning. We hope to continue to strengthen the team in the months and years to come.”
These investments from Alpha-Omega and JFrog include dedicated human resources that will enable the Rust Foundation to create and implement security best practices. The first initiative of the new security team will be to undertake a security audit and threat modeling exercises to identify how security can be maintained cost-effectively in the future. The team will also help champion security practices across the Rust landscape, including Cargo and Crates.io, and be a resource for the maintainer community.
The OpenSSF suggested in its 10 Point Open Source Security Mobilization Plan published earlier this year that the industry is working to eliminate the root causes of many vulnerabilities by embracing memory-safe languages like Rust and Go. As a result, the OpenSSF Alpha-Omega Initiative awarded a grant to the Rust Foundation to support a dedicated security engineer. Alpha-Omega is funded by Google and Microsoft with a direct engagement mission to improve the security of OSS projects. “We learn to turn money into security,” said Michael Winner and Michel Scovetta, co-directors of the project.
“The Rust programming language holds great promise for a more secure global supply chain, and the Rust Foundation is the home of this work,” said Brian Behlendorf, GM, OpenSSF. “We can’t wait to see the Rust Foundation security team get started and collaborate on this important work.”
JFrog announced last week that it was joining the Rust Foundation at the Platinum level. As part of the company’s investment in the Rust Foundation and ecosystem, JFrog has hired members of its security research team to work on the Rust Foundation security team. JFrog joins AWS, Google, Huawei, Meta, Microsoft and Mozilla at the Platinum level.
“The Rust Foundation provides the forum for collaboration among all Rust stakeholders and is the natural home for a dedicated security team,” said Stephen Chin, Vice President of Developer Relations, JFrog. “We believe it is the responsibility of all of us who use Rust to contribute resources for the greater good of the community, and providing world-class researchers from the JFrog Security team is one of the ways we support the Rust ecosystem.”
For more information on the Rust Foundation, please visit https://foundation.rust-lang.org/.
About the Rust Foundation
The Rust Foundation is the nonprofit organization dedicated to supporting and maintaining the Rust programming language through virtual and in-person collaboration, training and education, open governance, and technical infrastructure. For more information, please visit: https://foundation.rust-lang.org/
SOURCE The Rust Foundation