JFrog Ltd. announced a new initiative with the Rust Foundation, an independent nonprofit organization that manages the Rust programming language, focused on identifying and eliminating security threats to the Rust platform and ecosystem. Effective immediately, the JFrog Security Research team will provide access to information about known software vulnerabilities, ongoing threat research, and dedicated resources for developers to proactively modify issues discovered on the Rust platform to prevent future risks.
“Securing the software supply chain cannot be achieved with a one-time effort – it requires continuous commitment, as well as a multi-layered approach, and we believe that memory-safe languages play an important role in this plan” , said Stephen Chin, Vice President of Developer Relations at JFrog. “By working hand-in-hand with the Rust Foundation, we can ensure that this foundational programming language remains a recommended best practice in modern, secure software development.”
Remove root causes of software vulnerabilities
A Google study indicates memory safety issues represent nearly the same proportion of security vulnerabilities designated as critical vulnerability exposures (CVEs) for over a decade. The Rust programming language – which Slashdata boasts of has tripled its use to 2.2 million developers in the past two years – was designed from the ground up to be both memory secure and high performance. This means that the language does not allow users to access memory they are not authorized to access, which greatly reduces their ability to unknowingly inject malicious code that could render the language insecure.
For this reason, Rust has been identified as a “critical open source software project” by the Open Source Security Foundation (OpenSSF) and has been granted support under the OpenSSF Alpha-Omega Project to help identify new and undiscovered vulnerabilities to improve Rust’s security posture. Rust’s inherent stability and performance, combined with JFrog’s advanced security tools, research, and expertise, will help protect the Rust language over time.
“We’re thrilled to have JFrog’s support to proactively improve Rust’s security and design principles so developers can have greater peace of mind when coding,” said Bec Rumbul, Director executive, rust foundation. “I believe this investment will ensure the safety, security and sustainability of Rust, enabling new use cases and broader industry adoption.”
JFrog and its security research team are the latest additions to a growing list of tech companies serving on the Rust Foundation’s board of directors, including Microsoft, Huawei, Google, AWS and Mozilla. Joining JFrog with Rust adds to the company’s long list of open source security initiatives, such as Pyrsia, robot frogOpenSSF board member status, and more.