/tech/ - Technology


Be part of ANSSI’s new « Guide to develop secure applications with Rust »

Rust is an open source programming language which combines security, modernity and performance. It is also gradually being adopted in a large number of projects. To support developers, ANSSI offers a new "Guide to develop secure applications with Rust". This guide is intended to be a living document and is open to all contributions from the community. The object of this document is to provide hints and recommendations for secure application development using the Rust programming language, so that users can benefit from the good level of trust the Rust language already provides.

Created in 2006, Rust is a free programming language that has gradually brought together a community of users involved in its use and development.

Thanks to this collaborative experience, many projects are now taking advantage of Rust’s qualities.

This language focuses on security without compromising performance in the development of any type of application.

The Guide to Develop Secure Applications with Rust

To support all developers in their use of Rust language, ANSSI offers a new “guide to develop secure applications with Rust”.

The guide intends to group recommendations that should be applied for application development with strong security-level requirements.

The aim with the structure of this document is to consider separately different phases of a typical and simplified development process.

ANSSI invites you to become actors in this open, interactive and evolving project

This initiative is also collaborative, to benefit from the expertise developed by the community over the past several years.

ANSSI calls on all contributors to be part of the development of this guide, which is now published in a “Beta” version.

Each user will be able to participate with our teams in the development of this new resource, made available on GitHub.

Once these contributions have been discussed and integrated, the finalized and formatted document will join the collection of best practices guides proposed on ANSSI’s website.

However, this first version will remain open for comments, in order to adapt these practical recommendations to the next developments that may mark the future of Rust language.




>National Cybersecurity Agency of France

Why do I get a feeling of danger and ill intent whenever the words "national" and "security" are in the same title or sentence?



Not every National Security Agency is the US-NSA.



The ANSSI isn't an intelligence agency. I think it's the equivalent of the National Cybersecurity Center.

>The agency carries out the mission of national authority for the security of information systems. As such it is responsible for proposing rules for the protection of state information systems and verifying the implementation of the measures adopted. In the field of cyber defence, it provides monitoring, detection, alerting and reaction to computer attacks, especially on the networks of the State.



>Created in 2006, Rust




1. Use stable compilation toolchain

2. Use Rust linter (cargo-clippy)

3. Check for outdated dependencies versions (cargo-outdated)

4. Check for security vulnerabilities report on dependencies (cargo-audit)

5. Check for unsafe code in dependencies

6. Zeroize memory of sensitive data after use

7. Use unsafe blocks only in predefined cases and justify it

8. Use the appropriate arithmetic operations regarding potential overflows

9. Implement a custom Error type, wrapping all possible errors

10. Use the ? operator and do not use the try! macro

11. Avoid functions that can cause panic!

12. Test array indexing properly or use the get() method

13. Handle correctly panic! in FFI
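Items 8 to 12 of the list above (checked arithmetic, one error type, the ? operator, no panicking calls, get() instead of indexing) all show up in the same place in practice: a parser over untrusted bytes. The following is an added example written for this thread, not code from the ANSSI guide or from any real project; the record format (big-endian u16 length, then that many bytes of UTF-8) and the sample input are constructed for the demonstration.

```rust
use std::convert::TryInto;
use std::fmt;

/// One error type wrapping every failure the parser can hit, so callers
/// match on it instead of on panics or ad-hoc strings (item 9).
#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// The input ends before `needed` bytes were available.
    Truncated { needed: usize, available: usize },
    /// An offset computation would have wrapped around.
    Overflow,
    /// The payload is not valid UTF-8.
    BadUtf8(std::str::Utf8Error),
}

impl fmt::Display for ParseError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ParseError::Truncated { needed, available } => {
                write!(f, "need {} bytes, only {} available", needed, available)
            }
            ParseError::Overflow => write!(f, "offset arithmetic overflowed"),
            ParseError::BadUtf8(e) => write!(f, "payload is not UTF-8: {}", e),
        }
    }
}

impl std::error::Error for ParseError {}

// A `From` impl lets `?` convert the library's error into ours (item 10).
impl From<std::str::Utf8Error> for ParseError {
    fn from(e: std::str::Utf8Error) -> Self {
        ParseError::BadUtf8(e)
    }
}

/// Borrow `len` bytes at `start` and return them with the next offset.
/// `get` yields `None` on an out-of-range request instead of panicking
/// (items 11 and 12).
fn take(buf: &[u8], start: usize, len: usize) -> Result<(&[u8], usize), ParseError> {
    // `start + len` panics in debug builds and silently wraps in release
    // builds (unless overflow-checks is on); `checked_add` turns the
    // failure into a value we can return (item 8).
    let end = start.checked_add(len).ok_or(ParseError::Overflow)?;
    let data = buf
        .get(start..end)
        .ok_or(ParseError::Truncated { needed: end, available: buf.len() })?;
    Ok((data, end))
}

/// Parse a sequence of records, each a big-endian u16 length followed by
/// that many bytes of UTF-8 text. Returns an error on any malformed input
/// and never panics.
pub fn parse_records(buf: &[u8]) -> Result<Vec<String>, ParseError> {
    let mut records = Vec::new();
    let mut pos = 0usize;
    while pos < buf.len() {
        let (header, body_start) = take(buf, pos, 2)?;
        // `take` returned exactly two bytes, so this conversion cannot fail;
        // the impossible case is still routed through the error type rather
        // than an unwrap.
        let header: [u8; 2] = header.try_into().map_err(|_| ParseError::Truncated {
            needed: body_start,
            available: buf.len(),
        })?;
        let len = usize::from(u16::from_be_bytes(header));
        let (payload, next) = take(buf, body_start, len)?;
        records.push(std::str::from_utf8(payload)?.to_owned());
        pos = next;
    }
    Ok(records)
}

fn main() {
    // Constructed sample input: two records, "hello" and "rust".
    let input = [0, 5, b'h', b'e', b'l', b'l', b'o', 0, 4, b'r', b'u', b's', b't'];
    match parse_records(&input) {
        Ok(records) => println!("parsed {:?}", records),
        Err(e) => eprintln!("parse failed: {}", e),
    }
    // A declared length that runs past the end is an error, not a panic.
    if let Err(e) = parse_records(&[0, 9, b'x']) {
        println!("rejected: {}", e);
    }
}
```

Run it with cargo run or rustc; the second call prints "rejected: need 11 bytes, only 3 available". The same structure (one error enum, From impls, checked offsets, get() on slices) scales to any length-prefixed wire format, and it is the shape the guide's "avoid functions that can cause panic!" rule pushes you towards.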



>6. Zeroize memory of sensitive data after use

Why though? Isn't it the job of the OS/kernel to ensure that another program can't read your memory?


>Use Rust! You can make secure program with it!

>But you also need to write program in a specific way

Why is it such a meme?

Might as well just learn C/C++ correctly, or Ada, or Haskell



>Use steel! You can make a strong vault with it!

>But you also need to manufacture the steel in a certain way

Why is it such a meme?

Might as well just properly make a wooden vault.



Not after you've freed it.



The kernel will zero memory pages the first time you use them.
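The two answers above are the core of it: the kernel zeroes pages before handing them to a new process, but inside your own process a freed key stays in the heap until the allocator reuses it, and that is exactly the memory a later bug (an over-read, a core dump, a swapped-out page) exposes. Rust adds one more wrinkle: a plain loop writing zeros into a buffer that is never read again is a dead store, and the optimizer is allowed to remove it. The following is an added example for this thread, not code from the ANSSI guide or from the zeroize crate; the SecretBytes type, its method names and the sample key are all constructed here.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite every byte with zero using volatile stores. A plain `*b = 0`
/// loop on a buffer that is never read again is a dead store the optimizer
/// may delete; volatile writes are not subject to that elimination.
pub fn zeroize(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { ptr::write_volatile(b, 0) };
    }
    // Stop the compiler from reordering later work ahead of the wipe.
    compiler_fence(Ordering::SeqCst);
}

/// Heap-held secret that wipes its whole allocation on drop and refuses to
/// grow: a reallocating Vec would copy the key and leave the old copy
/// behind in freed memory.
pub struct SecretBytes {
    buf: Vec<u8>,
}

impl SecretBytes {
    pub fn new(bytes: &[u8]) -> Self {
        let mut buf = Vec::with_capacity(bytes.len());
        buf.extend_from_slice(bytes);
        SecretBytes { buf }
    }

    pub fn expose(&self) -> &[u8] {
        &self.buf
    }

    pub fn capacity(&self) -> usize {
        self.buf.capacity()
    }

    /// Append without reallocating; Err once the fixed allocation is full.
    pub fn try_push(&mut self, b: u8) -> Result<(), &'static str> {
        if self.buf.len() == self.buf.capacity() {
            return Err("secret buffer is full; refusing to reallocate");
        }
        self.buf.push(b);
        Ok(())
    }
}

impl Drop for SecretBytes {
    fn drop(&mut self) {
        let cap = self.buf.capacity();
        let p = self.buf.as_mut_ptr();
        // Wipe the full capacity, not just `len`, so bytes left in the spare
        // region by earlier pushes or truncations are cleared as well.
        for i in 0..cap {
            // SAFETY: the allocation holds `cap` bytes and we hold &mut self.
            unsafe { ptr::write_volatile(p.add(i), 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

// Keep the secret out of logs, panic messages and {:?} output.
impl fmt::Debug for SecretBytes {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SecretBytes([REDACTED])")
    }
}

/// Derive a value from a key, then wipe the key. Returns the derived value
/// and whether every byte of the key reads back as zero.
pub fn derive_and_wipe(key: &mut [u8]) -> (u8, bool) {
    let tag = key.iter().fold(0u8, |acc, &b| acc ^ b);
    zeroize(key);
    (tag, key.iter().all(|&b| b == 0))
}

fn main() {
    // Constructed sample key; not a real secret.
    let mut key = [0xde, 0xad, 0xbe, 0xef];
    let (tag, clean) = derive_and_wipe(&mut key);
    println!("tag={:#04x} wiped={}", tag, clean);
    let secret = SecretBytes::new(b"hunter2");
    println!("{:?} holds {} bytes", secret, secret.expose().len());
} // `secret` is dropped here and its allocation is zeroed before release
```

The caveats are the ones the replies hint at: this only covers memory the program controls. Copies made by the compiler (registers, spilled stack slots, moves of a `[u8; N]` by value), by the kernel (swap, core dumps) or by a `String`/`Vec` that grew are not reached, which is why the type above refuses to reallocate and why mlock and disabled core dumps are usually paired with it.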











I think I'm going to kill myself


I thought their fucking baguettes are burning down at every street corner how the fuck do they have time for Rust?





>Jewish "French" Republic




>tfw I just want to burn shit and throw rocks at police but live in one of the most peaceful places in the world

It isn't fair.




>3. Check for outdated dependencies versions (cargo-outdated)

Don't. It's bloatware that could easily hide a virus. Just version control Cargo.lock and do cargo update.

>4. Check for security vulnerabilities report on dependencies (cargo-audit)

Don't. It's bloatware that could easily hide a virus.

>6. Zeroize memory of sensitive data after use

Don't bother. It's security theater.

>13. Handle correctly panic! in FFI

Compile with -C unwind=abort.



>Compile with -C unwind=abort.

Correction: It's -C panic=abort
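-C panic=abort does stop a panic from unwinding into the C caller, but it does so by killing the whole process, so the caller never gets an error code back. The other way to satisfy item 13 is to stop the unwind at the boundary yourself with std::panic::catch_unwind and map it to a return value. The following is an added example for this thread, not code from the ANSSI guide or from any real project; the exported function, its return-code convention and the inputs are constructed here. It deliberately keeps a panicking `parts[2]` index inside the Rust helper so that the catch has something to catch.

```rust
use std::ffi::CStr;
use std::os::raw::{c_char, c_int};
use std::panic::catch_unwind;

/// Plain Rust helper written the panicking way the guide warns about:
/// `parts[2]` panics with an index-out-of-bounds when the line has fewer
/// than three comma-separated fields.
fn third_field_len(line: &str) -> usize {
    let parts: Vec<&str> = line.split(',').collect();
    parts[2].len()
}

/// C-callable entry point. Return codes: the field length when >= 0,
/// -1 for a null pointer or non-UTF-8 input, -2 when the Rust side panicked.
/// Letting a panic unwind out of an `extern "C"` function is undefined
/// behaviour on older compilers and an immediate abort on current ones,
/// so the unwind is stopped here and turned into an error code.
#[no_mangle]
pub extern "C" fn third_field_len_c(s: *const c_char) -> c_int {
    if s.is_null() {
        return -1;
    }
    // SAFETY: the caller guarantees `s` points at a NUL-terminated string
    // that stays valid for the duration of this call.
    let line = match unsafe { CStr::from_ptr(s) }.to_str() {
        Ok(l) => l,
        Err(_) => return -1,
    };
    // `line` is a shared borrow of immutable data, so the closure is
    // UnwindSafe as-is; closures touching `&mut` state would need
    // AssertUnwindSafe and a careful look at what a half-finished update
    // leaves behind.
    match catch_unwind(|| third_field_len(line)) {
        Ok(n) if n <= c_int::MAX as usize => n as c_int,
        Ok(_) => c_int::MAX,
        Err(_) => -2,
    }
}

fn main() {
    use std::ffi::CString;
    // Constructed inputs standing in for what a C caller would pass.
    for input in ["a,b,ccc", "a,b"].iter() {
        let c = CString::new(*input).expect("no interior NUL");
        println!("{:?} -> {}", input, third_field_len_c(c.as_ptr()));
    }
}
```

Running it prints 3 for the first input and -2 for the second; the default panic hook still writes the "panicked at" message to stderr, which is fine for a demo and something to replace with your own hook in a library. Note that catch_unwind only works when the crate is built with the default panic=unwind; under -C panic=abort the Err arm is unreachable and the process aborts as in the reply above, so pick one of the two strategies and document it for the C side.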




Why didn't they just copy Lisp conditions?


