Supply-chain security in open-source ecosystems: the Rust case
2023-07-04, 14:00–14:35 (Europe/Paris), Amphitheater

Rust is an increasingly popular systems programming language, especially thanks to its memory safety guarantees and more general focus on safety.
This talk will give an overview of where Rust stands on software supply-chain security challenges, including vulnerability management across the ecosystem, dedicated tooling, and integration into larger efforts (OpenSSF projects, etc.).

It will cover the topic from both an internal point of view (as a member of the Rust Secure Code WG) and an external one (as a software publisher using Rust).

Alexis Mousset works on Rudder, an infrastructure configuration and security management tool, as lead developer on system topics (configuration automation, agents, networking, etc.).
He is also part of the Rust language Secure Code working group, which promotes tooling to help write secure code in Rust and manages the Rust ecosystem vulnerability database.