The Rust Foundation, which supports the development of the popular open-source Rust programming language, announced today that it’s establishing a dedicated security team.

The foundation’s security team includes dedicated staff resources enabling it to create and implement security best practices. The first initiative for the new team will be to undertake a security audit and threat modeling exercises to identify how security can be economically maintained going forward. The team will also help advocate for security practices across the Rust landscape, including Cargo and Crates.io, and will be a resource for the maintainer community.

The team is being underwritten by the Open Source Security Foundation’s Alpha-Omega Initiative, which partners with open-source software projects and maintainers to improve the global software supply chain security, and Rust Foundation’s newest Platinum member, DevOps company JFrog Ltd.

Alpha-Omega is funded by Google LLC and Microsoft Corp. with a mission of direct engagement to improve the security of open-source software projects. The funding from OpenSSF will go toward funding a dedicated security engineer. JFrog’s commitment includes members of its security research team working on the Rust Foundation security team.

JFrog announced on Sept. 6 that it’s joining the Rust Foundation as a platinum member, along with existing platinum members Amazon Web Services Inc., Google, Huawei Technologies Co. Ltd., Meta Platforms Inc., Microsoft and Mozilla Corp.

“There’s often a misperception that because Rust ensures memory safety that it’s 100% secure, but Rust can be vulnerable just like any other language and warrants proactive measures to protect and sustain it and the community,” Bec Rumbul, executive director at the Rust Foundation, said in a statement. “With the establishment of the Rust Foundation Security Team, we will be able to support the broader Rust community with the highest level of security talent and help ensure the reliability of Rust for everyone.”

Along with supporting the development of Rust, the Rust Foundation also offers a Community Grants Program. Launched in June, the program provides funds to the Rust development community, including assisting maintainers in maintaining focus on work that best demonstrates the capabilities of Rust.

Image: Rust Foundation