JavaScript is not available.

Jul 23, 2019

Introducing the Rust Safety Dance, a project by the Secure Code WG to audit and potentially eliminate usages of unsafe from core ecosystem (and other) crates: github.com/rust-secure-co

133

RustSec

@RustSec

Sep 8, 2020

Introducing `auditable`: audit compiled

r/rust on Reddit: Introducing `auditable`: audit Rust binaries for known bugs or vulnerabilities in...

binaries against security advisories in the

@RUSTSEC

database:

reddit.com

Posted by u/Shnatsel - 448 votes and 45 comments

Rust Language

crates.io security advisory | Rust Blog

Jul 14, 2020

The Rust team was notified of a vulnerability affecting crates.io API tokens generation and storage, and out of aboundance of precaution we revoked all existing tokens. Learn more on the advisory:

blog.rust-lang.org

Empowering everyone to build reliable and efficient software.

141

294

const @oli@hachyderm.io

Why am I learning about github.com/ANSSI-FR/rust- just today? This is super cool

GitHub - ANSSI-FR/rust-guide: Recommendations for secure applications development with Rust

Recommendations for secure applications development with Rust - GitHub - ANSSI-FR/rust-guide: Recommendations for secure applications development with Rust

JP Aumasson

@veorq

Jan 29, 2020

cargo tools that may or may not be useful when auditing code: audit, clippy, geiger, outdated others?

Jan 25, 2020

cargo-geiger has a new home in the

@RustSecureCode

WG:

GitHub - rust-secure-code/cargo-geiger: Detects usage of unsafe Rust in a Rust crate and its...

Detects usage of unsafe Rust in a Rust crate and its dependencies. - GitHub - rust-secure-code/cargo-geiger: Detects usage of unsafe Rust in a Rust crate and its dependencies.

Tony "Abolish ICE" Arcieri

RustSec

@RustSec

Jan 23, 2020

`cargo audit fix` can now (sometimes) fix your vulnerable dependency requirements automatically!

Quote Tweet

@bascule

Jan 23, 2020

cargo-audit v0.11: Introducing the `fix` feature, yanked crate detection, and more /cc @rustlang blog.rust-lang.org/inside-rust/20

Keeping

projects secure with cargo-audit 0.9: dependency trees, core advisories, unmaintained crates - Inside Rust blog

blog.rust-lang.org

Keeping Rust projects secure with cargo-audit 0.9: dependency trees, core advisories, unmaintained...

Want to follow along with Rust development? Curious how you might get involved? Take a look!

May 18, 2019

Interested in making it easy to reproduce builds of

apps/libraries or build-time sandboxing for Cargo? We're kicking off a couple of new crates and looking for interested contributors! - cargo-repro: github.com/rust-secure-co - cargo-sandbox:

GitHub - rust-secure-code/cargo-sandbox: Perform Cargo builds inside of a sandboxed environment

Perform Cargo builds inside of a sandboxed environment - GitHub - rust-secure-code/cargo-sandbox: Perform Cargo builds inside of a sandboxed environment

Request for

CVE post-mortems when critical advisories occur in the standard library

internals.rust-lang.org

Request for CVE post-mortems

The last two CVEs announcement boil down to: CVE was introduced here, fixed there, these are the affected versions. This reads like the CVE was fixed, but were we to make the exact same errors for a...

May 5, 2019

List of security-related

projects

GitHub - rust-secure-code/projects: Contains a list of security related Rust projects.

Contains a list of security related Rust projects. - GitHub - rust-secure-code/projects: Contains a list of security related Rust projects.

May 5, 2019

After much ado, we have a real logo!

Mar 11, 2019

Or vote via Twitter!

Quote Tweet

Joshua Liebow-Feeser

@joshlf_

Mar 11, 2019

Give us your opinion! Which should be the logo for the @rustlang Secure Code Working Group? Vote here or on GitHub: github.com/rust-secure-co Option A: bit.ly/2CeAqBt Option B: bit.ly/2HeYAjm @rustsecurecode #rust #rustlang

Show this poll

Vote for the

working group's logo! See the linked GitHub issue to vote /cc

github.com/rust-secure-co

Show this thread

Joshua Liebow-Feeser

@joshlf_

Jan 29, 2019

Final call for logos for the

Secure Code Working Group! 24h left!

Logo · Issue #1 · rust-secure-code/wg

Reviving the Underhanded

@Rustlang

contest #rust2019

Revive the Underhanded Rust contest · Issue #256 · rust-community/team

The Secure Code WG has expressed interest in doing another underhanded Rust contest. The last one was not repeated due to personal constraints, not because it worked badly. It had 2 issues: Lack of...

Security as Rust 2019 goal

Jan 18, 2019

Check out the Rust Secure Code WG's #Rust2019 blog post! We're trying to make it easy to write secure code in Rust

shnatsel.medium.com

The goals and 2019 roadmap of Rust Secure Code Working Group

RustSec

@RustSec

Jan 18, 2019

A proposal for a minimum viable integration between

@rustsec

and

Pre-RFC: Reviving "Security advisories in crates.io" (RFC PR #1752)

's cargo utility: internals.rust-lang.org/t/pre-rfc-revi #rust2019

internals.rust-lang.org

Ok, so, after thinking about this for awhile, I have a new proposal. How about the thing @alexcrichton suggested 3 years ago that the core team keeps telling us we should consider?

Introducing the Rust Secure Code Working Group! Check out our GitHub at github.com/rust-secure-co or find us on the "secure-code-wg" channel on the rust-lang Zulip! rust-lang.zulipchat.com/#narrow/stream