
Rust boosts security

19 February 2024


Now, it is becoming more popular

Rust, the coding language that powers Firefox and Dropbox, is ramping up its security efforts as hackers start to take an interest, according to a new report by the Rust Foundation.

The report, penned by the foundation's boss, Rebecca Rumbul, reveals that the Foundation has done shedloads of work in the last six months of 2023, from launching several new security projects to finishing and releasing security threat models.

The report says when more people use a coding language, it becomes more tempting to hackers. As any coding language grows with more libraries, packages, and frameworks, the chances of attacks increase. Rust is no different.

“As the guardian of the Rust coding language, the Rust Foundation must provide resources to the growing Rust community. This means we must work with the Rust Project to help contributors take part in a secure and scalable way, get rid of security headaches for Rust maintainers, and teach the public about security in the Rust world,” Rumbul said.

Some of the things Rust did include:

  • Completing and releasing threat models for Rust Infrastructure and Crates Ecosystem
  • Developing Rust Foundation open source security project Painter [for making a graph database of links between crates] and releasing a new security project, Typomania [a toolbox to check for fake names in package registries].
  • Using new tools and best practices to find and deal with dodgy crates.
  • Helping cut down technical debt in the Rust Project, making/contributing to security-focused documents, and raising security issues for discussion in the Rust Project.

She said that in the next few months, Security Initiative Engineers will mainly focus on:

  • Finishing all four Rust security threat models and taking action to deal with the threats
  • Setting up more infrastructure to support backup, copying, and mirroring of important Rust assets
  • Working with the Rust Project on the design and possible implementation of signing and PKI solutions for crates.io to match the security of other popular ecosystems
  • Continuing to make and improve tools to support the Rust world, including the crates.io admin function, Painter, Typomania, and Sandpit.

Last modified on 19 February 2024