JFrog Collaborates with the Rust Foundation to Root Out Open Source Software Vulnerabilities

JFrog, the Liquid Software company and creators of the JFrog DevOps Platform, announced a new initiative with the Rust Foundation, an independent non-profit organization that stewards the Rust programming language, focused on identifying and eliminating security threats to the Rust platform and ecosystem. Starting immediately, the JFrog Security Research team will provide access to information on known software vulnerabilities, ongoing threat research, and dedicated developer resources to proactively amend discovered Rust platform issues to prevent future risk.

Stephen Chin, VP of Developer Relations at JFrog, said, “Securing the software supply chain can’t be achieved with a one-time effort – it requires ongoing commitment, plus a multi-layered approach, and we believe memory-safe languages play a big role in that plan. By working hand-in-hand with the Rust Foundation, we can ensure this cornerstone programming language remains a recommended best practice in the development of modern, secure software.”

Removing Root Causes of Software Vulnerabilities

A study by Google indicated memory safety issues have represented almost the same proportion of security vulnerabilities designated as critical vulnerability exposures (CVEs) for over a decade. The Rust programming language – which, according to SlashData, has tripled its usage to 2.2 million developers over the past two years – was designed from the ground up to be both memory-safe and high-performance. This means the language does not allow users to access memory they aren’t permitted to access, significantly reducing their ability to unknowingly inject malicious code that could make the language insecure.

For this reason, Rust has been identified as a “critical open source software project” by the Open Source Security Foundation (OpenSSF) and granted support under the OpenSSF’s Alpha-Omega Project to help identify new and as-yet-undiscovered vulnerabilities to improve Rust’s security posture. The inherent stability and performance of Rust, coupled with JFrog’s advanced security tools, research, and expertise, will help safeguard the Rust language over time.

Bec Rumbul, Executive Director, Rust Foundation, said, “We’re thrilled to have JFrog’s support in proactively improving Rust’s security and design principles so developers can have greater peace of mind when they code. I believe this investment will keep Rust safe, secure, and sustainable, enabling new use cases and wider industry adoption.”
