TLDR: We should create a new Security Working Group to focus on the security of the Rust language and ecosystem.
I’d like to propose starting a new working group focusing on security. The group’s mandate would be twofold: First, to make sure that it is easy to write secure software in Rust and, second, to make sure that the infrastructure of the Rust project is secure. In particular, this would include things like:
- Identifying reasons that programmers use unsafe in practice and creating crates to provide the same functionality behind safe, well-vetted APIs.
- Identifying common security-sensitive tasks and creating crates to provide the same functionality behind safe, well-vetted APIs. This could be low-level and general like cryptography, or high-level and specific like some of what Rocket and Diesel do with certain kinds of sanitization and escaping.
- Creating best practices around how to design security APIs that are difficult to misuse.
- Making sure that the language makes it easy to write security-sensitive code. This includes features like a well-defined memory model (already covered by the Unsafe Code Guidelines Working Group) and first-class support for constant time operations (which are necessary for cryptography).
- Tooling to automatically reason about the correctness of unsafe Rust code.
- Improving the security of various Rust infrastructure such as artifact signing on crates.io, reproducible builds, build sandboxing (for build.rs scripts), etc.
What I’d like from members of the community:
- Volunteer to be a member of this WG!
- Give feedback on these focus areas, or propose new focus areas.
What I’d like from members of the core team: Tell me if I’m doing this right.
Is there any official process that I need to go through first, or is this proposal sufficient on its own?
After the dust settles, we can move on to more low-level logistics of when/how/how frequently we’ll meet and things in that vein.