The Rust Foundation, the non-profit organization for the Rust programming language, has announced the creation of a dedicated security team, led by OpenSSF’s Alpha-Omega Initiative, a Linux Foundation project focused on open source software supply chain security, with support from the foundation’s newest platinum member, DevOps platform provider JFrog.
Alpha-Omega and JFrog’s investment also includes dedicated staff resources “that will enable the Rust Foundation to create and implement security best practices”. As part of the company’s investment in the Rust Foundation and ecosystem, JFrog has committed members of its security research team to work on the Rust Foundation security team.
According to Bec Rumbul, executive director of the Rust Foundation, there is a common misconception that because Rust ensures memory safety, it is 100% safe. But Rust, like any other language, is open to attack, so proactive measures need to be taken to protect and maintain it and the community. “With the creation of the Rust Foundation Security Team, we will be able to support the wider Rust community with the highest level of security talent and help ensure Rust is reliable for everyone. Of course, this is just the beginning. We hope to continue building this team in the coming days, months and years.”
According to the announcement, the first move for the new security team will be to conduct security audits and threat modeling exercises to determine how security can be maintained economically in the future. The team will also help advocate for security practices across the Rust ecosystem, including Cargo and Crates.io, and will be a resource for the maintainer community.
OpenSSF released its 10-Point Open Source Security Mobilization Plan. It suggests that the industry should work to eliminate the source of many vulnerabilities by replacing non-memory-safe languages like C and C++ with languages like Rust and Go.
Therefore, OpenSSF’s Alpha-Omega Initiative has made a grant to the Rust Foundation to support a dedicated security engineer. Alpha-Omega is funded by Google and Microsoft, and its mission is to directly participate in improving the security of OSS projects. “We are learning how to turn money into security.”