Publish new report & announcement at 10 AM PDT

news/new-rust-foundation-report-details-security-initiative-progress.md

@@ -0,0 +1,46 @@
+---
+title: New Rust Foundation Report Details Security Initiative Progress
+byline: The Rust Foundation
+description: "The Rust Foundation’s Security Initiative was created in 2022 to support security improvements to the Rust programming language ecosystem. In a new report, the Foundation details recent Rust security focus areas, milestones, and upcoming plans.\_"
+date: 2023-07-27T13:00:00Z
+tags:
+  - announcement
+  - 'foundation '
+  - security
+index: false
+layout: layouts/news.njk
+---
+The [<u>Rust Foundation</u>](https://foundation.rust-lang.org/), an independent non-profit dedicated to stewarding the [<u>Rust</u>](https://www.rust-lang.org/) programming language, today released a new report detailing the recent accomplishments of their Security Initiative – an effort to advance the state of security within the Rust programming language ecosystem.&nbsp;
+
+In recent years, the global adoption and popularity of the Rust programming language have grown at a rapid rate. But as software engineers, business leaders, and global governments become more aware of the many advantages of Rust, the need for more scalable security systems and safeguards against bad actors has become more urgent.&nbsp;
+
+The Rust Foundation [<u>announced its Security Initiative</u>](https://foundation.rust-lang.org/news/2022-09-13-rust-foundation-establishes-security-team/) in September 2022 with a mission to support and advance the state of security within the Rust Programming language ecosystem. Inaugural support from [<u>OpenSSF’s Alpha-Omega project</u>](https://openssf.org/community/alpha-omega/) and Rust Foundation Platinum Member, [<u>AWS</u>](https://aws.amazon.com/) allowed the Foundation to build out its Technology Team (led by Rust Foundation Director of Technology, Joel Marcey) in Q1 of 2023 with dedicated security and software engineering expertise. Additional in-kind support from Rust Foundation Platinum Member [<u>JFrog</u>](https://jfrog.com/) and [<u>Google</u>](https://google.com) and infrastructure support from [<u>Wiz</u>](https://www.wiz.io/) provided the Security Initiative with the necessary resources to carry out impactful security work.&nbsp;&nbsp;
+
+The Rust Foundation Security Initiative works in close collaboration with Rust Project leaders within specific teams and working groups. This collaboration has resulted in impactful achievements between December 2022 and September 2022, including:&nbsp;
+
+* Considerable progress on a complete security audit of the Rust ecosystem
+* Completion of several threat models, enabling the Rust Foundation and Rust Project to better understand the risks identified by the security audit
+* Development of several new tools to enhance Rust maintainers’ security workflows and unlock greater insight into vulnerabilities, including <a target="_blank" rel="noopener" href="https://github.com/rustfoundation/painter">Painter</a>.
+* crates.io technical debt reduction & API token improvements
+
+The Rust Foundation invites you to download its first Security Initiative Report to learn more about the focus areas and achievements of this effort to date.&nbsp;
+
+### [<u>&gt; &gt; Download the Security Initiative Report&nbsp;</u>](https://foundation.rust-lang.org/static/publications/security-initiative-report-july-2023.pdf)
+
+Rust Foundation Executive Director & CEO Rebecca Rumbul said the following about the Security Initiative and the new report:
+
+> *“I am pleased to share the Rust Foundation’s first Security Initiative Report, detailing the impressive accomplishments of the program between December 2022 and July 2023. The collaboration between our Technology Team and the Rust Project Teams and Working Groups has resulted in many new developments that will contribute to a more safe and secure Rust language and ecosystem.&nbsp;*
+>
+> *At the Rust Foundation, we are committed to investing responsibly in Rust for the common good. Better security auditing, automation, and tooling means that both seasoned Rust users and new Rust adopters can have confidence that their Rust code is as safe and secure as it can be. At scale, this means better software for everyone.*
+>
+> *The Rust Foundation team looks forward to leading this ongoing effort and sharing detailed updates on the Security Initiative in the future.”*
+
+Further reflections on the need for Rust security support from Rebecca can be found in [<u>the report</u>](https://foundation.rust-lang.org/static/publications/security-initiative-report-july-2023.pdf).&nbsp;
+
+The Rust Foundation’s Security Initiative is made stronger and more sustainable through diverse corporate sponsorship, and the Foundation is actively seeking contributions from corporations to enable us to continue this vital work into 2024. Please contact the Rust Foundation to learn how to support the Security Initiative at [<u>contact@rustfoundation.org</u>](mailto:contact@rustfoundation.org).
+
+For more about the Rust Foundation and to stay up to date on our latest activities, visit our [<u>website</u>](https://foundation.rust-lang.org/) and follow us on [<u>Twitter</u>](https://twitter.com/rust_foundation) and [<u>LinkedIn</u>](https://www.linkedin.com/company/rust-foundation/).
+
+## About the Rust Foundation&nbsp;
+
+The Rust Foundation is an independent non-profit organization dedicated to stewarding the Rust programming language, nurturing the Rust ecosystem, and supporting the set of maintainers governing and developing the project. Learn more at [<u>rustfoundation.org</u>](http://foundation.rust-lang.org/).

resources.njk

@@ -9,11 +9,19 @@ eleventyNavigation:
     <h1>Resources, Publications, & Public Filings</h1>
 
 <section class="container">
-    <h2>Annual Reports</h2>
+    <h2>Rust Foundation Reports</h2>
+    <br>
+    <h3>Annual Reports</h3>
     <div>In 2022, we produced our first annual report, which details our metrics, milestones, and key details from 2022. We intend to produce this report each year to detail the Rust Foundation's growth and progress.</div>
     <ul>
     <h3><a href="https://foundation.rust-lang.org/static/publications/annual-reports/annual-report-2022.pdf">>> 2022 Annual Report</a>
     </h3></ul>
+    <br>
+    <h3>Security Initiative Reports</h3>
+    <div>In 2023, we began releasing detailed reports on the accomplishments, goals, and recent developments of our Security Initiative. We will add future installments of the Security Initiative Report as they become available.</div>
+    <ul>
+    <h3><a href="https://foundation.rust-lang.org/static/publications/security-initiative-report-july-2023.pdf">>> July 2023 Security Initiative Report</a>
+    </h3></ul>
 </section>
 
 <section class="container">
@@ -25,7 +33,7 @@ eleventyNavigation:
 </section>
 
 <section class="container">
-    <h2>Joint Publications</h2>
+    <h2>Other Publications</h2>
     <div>The Rust Foundation will occasionally partner with other organizations to conduct research about the Rust ecosystem. The publications resulting from such collaborations will be shared here as they become available.</div>
     <ul>
       <h3><a href="/static/publications/financial-filings/form-990-2021.pdf">>> SLSA++ A Survey of Software Supply Chain Security Practices and Beliefs</a></h3><i>(released in partnership with Chainguard, the Eclipse Foundation, & OpenSSF)</i>