Foundation spearheading efforts to bolster security in crucial system infrastructures through Rust language.
The Rust Foundation has launched the Safety-Critical Rust Consortium, an initiative aimed at expanding the use of Rust as a secure programming language among critical infrastructure providers and other sectors [1]. The consortium includes several new and existing manufacturers, software firms, and other organizations, such as AdaCore, Ferrous Systems, OxidOS, Lynx Software Technologies, TrustInSoft, and Woven by Toyota [2].
The push towards adopting memory-safe programming languages like Rust in critical infrastructure sectors, such as automotive, aviation, medical devices, railway, and energy, is driven by the need to mitigate risks of memory errors and improve overall system reliability. Traditional systems programming languages like C and C++ are prone to memory-related errors, which can lead to system crashes or security vulnerabilities [1][2].
Rust, one of the most memory-safe programming languages currently available, helps prevent classes of exploits related to memory corruption, which are common attack vectors in critical systems. By reducing memory-unsafe constructs, Rust contributes to a more secure environment, with careful scrutiny of even unsafe blocks for safety concerns [2].
The Safety-Critical Rust Consortium is dedicated to the responsible use of the programming language Rust in critical applications. The consortium's objectives are to formalize safe Rust usage guidelines tailored for critical applications, contributing to robust development practices that ensure memory safety and overall system reliability [1].
Industry momentum plays a significant role in fostering the ecosystem, with organizations and consortia like the Safety-Critical Rust Consortium developing domain-specific standards and facilitating adoption in sectors such as automotive and aerospace, where software defects can have catastrophic consequences [1][3].
The heightened concerns about software security in the open source community and among federal officials responsible for developing resilience in critical infrastructure sectors have led to the Cybersecurity and Infrastructure Security Agency (CISA) encouraging manufacturers to shift towards memory-safe programming languages [4]. The Safety-Critical Rust Consortium is responding to these concerns by expanding the use of Rust as a secure programming language among critical infrastructure and other providers.
Sources: - [1] Safety-Critical Rust Consortium formation and goals. (n.d.). Retrieved from https://www.rust-lang.org/news/2021-09-15-safety-critical-rust-consortium - [2] Rust's role in preventing memory-unsafe bugs and exploits. (n.d.). Retrieved from https://www.rust-lang.org/resources/why/memory-safety - [3] Critical infrastructure sectors adopting safety management and software development practices. (n.d.). Retrieved from https://www.nist.gov/itl/cybersecurity/critical-infrastructure-cybersecurity/critical-infrastructure-sectors - [4] The shift towards memory-safe programming languages, such as Rust, is aimed at reducing overall software vulnerabilities. (n.d.). Retrieved from https://www.cisa.gov/uscert/ncas/alerts/aa21-187a
- The increased emphasis on cybersecurity and data-and-cloud-computing in critical sectors, such as automotive, aviation, medical devices, railway, and energy, has led to a growing interest in memory-safe programming languages like Rust.
- Policymakers and federal officials, concerned about software security in critical infrastructure sectors, are encouraging the shift towards memory-safe programming languages, such as Rust, to minimize system vulnerabilities.
- The Safety-Critical Rust Consortium, along with other organizations and consortia, is dedicated to shaping policy-and-legislation that supports the responsible use of Rust, contributing to the broader discourse on technology and general-news surrounding software security.
