JFrog Ltd. announced a new initiative with the Rust Foundation, an independent non-profit organization that stewards the Rust programming language, focused on identifying and eliminating security threats to the Rust platform and ecosystem. Starting immediately, the JFrog Security Research team will provide access to information on known software vulnerabilities, ongoing threat research, and dedicated developer resources to proactively amend discovered Rust platform issues to prevent future risks.
“Securing the software supply chain can’t be achieved with a one-time effort – it requires ongoing commitment, plus a multi-layered approach, and we believe memory-safe languages play a big role in that plan,” said Stephen Chin, VP of Developer Relations at JFrog. “By working hand-in-hand with the Rust Foundation, we can ensure this cornerstone programming language remains a recommended best practice in the development of modern, secure software.”
Removing Root Causes of Software Vulnerabilities
A study by Google indicated memory safety issues have represented almost the same proportion of security vulnerabilities designated as critical vulnerability exposures (CVEs) for over a decade. The Rust programming language – which Slashdata boasts has tripled its usage to 2.2 million developers over the past two years – was designed from the ground up to be both memory-safe and deliver high-performance. This means the language does not allow users to access memory they aren’t permitted to access, significantly reducing their ability to unknowingly inject malicious code that could make the language insecure.
For this reason, Rust has been identified as a “critical open source software project” by the Open Source Security Foundation (OpenSSF) and granted support under the OpenSSF’s Alpha-Omega Project to help identify new and as-yet-undiscovered vulnerabilities to improve Rust’s security posture. The inherent stability and performance of Rust, coupled with JFrog’s advanced security tools, research, and expertise, will help safeguard the Rust language over time.
“We’re thrilled to have JFrog’s support in proactively improving Rust’s security and design principles so developers can have greater peace of mind when they code,” said Bec Rumbul, Executive Director, Rust Foundation. “I believe this investment will keep Rust safe, secure, and sustainable, enabling new use cases and wider industry adoption.”
JFrog and its Security Research team are the latest additions to a growing list of technology companies on the Rust Foundation Board of Directors, including Microsoft, Huawei, Google, AWS, and Mozilla. JFrog’s Rust membership adds to the company’s long list of open-source security initiatives, such as Pyrsia, Frogbot, status as a board member for the OpenSSF, and more.