[ / / / / / / / / / / / / / ] [ dir / jenny / leftpol / mewch / pinoy / vg / vietnam / vp / xivlg ][Options][ watchlist ]

/tech/ - Technology

You can now write text to your AI-generated image at https://aiproto.com It is currently free to use for Proto members.
Email
Comment *
File
Select/drop/paste files here
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Expand all images

File (hide): 00de0fb28285a99⋯.png (181.37 KB, 316x316, 1:1, Logo_of_ANSSI.png) (h) (u)

File (hide): def4f9bb59e7d0f⋯.png (1.17 KB, 209x209, 1:1, logo_rust.png) (h) (u)

[–]

 No.1029098>>1029445 >>1029497 >>1029510 >>1029554 [Watch Thread][Show All Posts]

Be part of ANSSI’s new « Guide to develop secure applications with Rust »

Rust is an open source programming language which combines security, modernity and performance. As well, it is gradually being adopted in a large number of projects. To support developers, ANSSI offers a new "Guide to develop secure applications with Rust". This guide is intended to be a living document and it’s open to all contributions from the community. The object of this document is to provide hints and recommendations for secure applications development using the Rust programming language, that allow users to benefits of the good level of trust the Rust language already provides.

Created in 2006, Rust is a free programming language that has gradually brought together a community of users involved in its use and development.

Thanks to this collaborative experience, many projects are now taking advantage of Rust’s qualities.

This language focuses on security without compromising performance in the development of any type of application.

The Guide to Develop Secure Applications with Rust

To support all developers in their use of Rust language, ANSSI offers a new “guide to develop secure applications with Rust”.

The guide intents to group recommendations that should be applied for application development with strong security level requirements.

The aim with the structure of this document is to consider separately different phases of a typical and simplified development process.

ANSSI invites you to become the actors of this open, interactive and evolving project

This initiative is also collaborative, to benefit from the expertise developed by the community over the past several years.

ANSSI calls on all contributors to be part of the development of this guide, which is now published in a “Beta” version.

Each user will be able to participate with our teams in the development of this new resource, made available on GitHub.

Once these contributions have been discussed and integrated, the finalized and formatted document will join the collection of best practices guides proposed on ANSSI’s website.

However, this first version will remain open for comments, in order to adapt these practical recommendations to the next developments that may mark the future of Rust language.

https://www.ssi.gouv.fr/en/actualite/be-part-of-anssis-new-guide-to-develop-secure-applications-with-rust/

https://github.com/ANSSI-FR/rust-guide

 No.1029117>>1029119 >>1029441

>National Cybersecurity Agency of France

Why do I get a feeling of danger and ill intent whenever "national" and "security" words are in the same title or sentence?


 No.1029119

>>1029117

Not every National Security Agency is the US-NSA.


 No.1029441

>>1029117

The ANSSI isn't an intelligence agency. I think it's the equivalent of the National Cybersecurity Center.

>The agency ensures the mission of national authority security of information systems. As such it is responsible for proposing rules for the protection of state information systems and verify the implementation of measures adopted. In the field of cyber defence, it provides a monitor, detect, alert and reaction to computer attacks, especially on the networks of the State.


 No.1029445

>>1029098 (OP)

>Created in 2006, Rust

lmao


 No.1029446>>1029461 >>1029734 >>1029806

https://github.com/ANSSI-FR/rust-guide/blob/master/src/RECOS.md

1. Use stable compilation toolchain

2. Use Rust linter (cargo-clippy)

3. Check for outdated dependencies versions (cargo-outdated)

4. Check for security vulnerabilities report on dependencies (cargo-audit)

5. Check for unsafe code in dependencies

6. Zeroize memory of sensitive data after use

7. Use unsafe blocks only in predefined cases and justify it

8. Use the appropriate arithmetic operations regarding potential overflows

9. Implemente custom Error type, wrapping all possible errors

10. Use the ? operator and do not use the try! macro

11. Avoid functions that can cause panic!

12. Test properly array indexing or using the get() method

13. Handle correctly panic! in FFI


 No.1029461>>1029472

>>1029446

>6. Zeroize memory of sensitive data after use

Why though? Isn't it the job of the OS/kernel to ensure that another program can't read your memory?


 No.1029463>>1029470

>Use Rust! You can make secure program with it!

>But you also need to write program in a specific way

Why is it such a meme?

Might as well just learn C/C++ correctly, or Ada, or Haskell


 No.1029470

>>1029463

>Use steel! You can make a strong vault with it!

>But you also need to manufacture the steel in a certain way

Why is it such a meme?

Might as well just properly make a wooden vault.


 No.1029472>>1029475

>>1029461

Not after you've freed it.


 No.1029475

>>1029472

The kernel will zero memory pages the first time you use them.


 No.1029481

YET ANOTHER RUST THREAD

KILL YOURSELF RUSTFAG

>https://www.ssi.gouv.fr

<FR

RUST; THE PERFECT LANGUAGE FOR FRENCH FAGGOTS

YOU FIT RIGHT IN OP

YOU SHOULD GO TO FRANCE AND GET OUT OF MY COUNTRY


 No.1029497>>1029511

>>1029098 (OP)

I think im going to kill myself

>france

I thought their fucking baguettes are burning down at every street corner how the fuck do they have time for Rust?


 No.1029510

>>1029098 (OP)

>rust

>secure

>Jewish "French" Republic

kys


 No.1029511

>>1029497

>tfw I just want to burn shit and throw rocks at police but live in one of the most peaceful places in the world

It isn't fair.


 No.1029554

>>1029098 (OP)

>rust

>Microsoft github

>securing virtualized windows 10

https://www.ssi.gouv.fr/particulier/guide/mise-en-oeuvre-des-fonctionnalites-de-securite-de-windows-10-reposant-sur-la-virtualisation/

>restrict data collection in windows 10

https://www.ssi.gouv.fr/uploads/2017/01/np_securisation_windows10_collecte_de_donnees_v1.2.pdf

The French touch tm.

IDIOTS!


 No.1029734>>1029736

>>1029446

>3. Check for outdated dependencies versions (cargo-outdated)

Don't. It's bloatware that could easily hide a virus. Just version control Cargo.lock and do cargo update.

>4. Check for security vulnerabilities report on dependencies (cargo-audit)

Don't. It's bloatware that could easily hide a virus.

>6. Zeroize memory of sensitive data after use

Don't bother. It's security theater.

>13. Handle correctly panic! in FFI

Compile with -C unwind=abort.


 No.1029736

>>1029734

>Compile with -C unwind=abort.

Correction: It's -C panic=abort


 No.1029806>>1029809

>>1029446

>panic

Why didn't they just copy Lisp conditions?

http://www.nhplace.com/kent/Papers/Condition-Handling-2001.html


 No.1029809

>>1029806

https://doc.rust-lang.org/book/ch09-00-error-handling.html

https://doc.rust-lang.org/std/result/index.html



[Return][Go to top][Catalog][Screencap][Nerve Center][Cancer][Update] ( Scroll to new posts) ( Auto) 5
19 replies | 0 images | Page ?
[Post a Reply]
[ / / / / / / / / / / / / / ] [ dir / jenny / leftpol / mewch / pinoy / vg / vietnam / vp / xivlg ][ watchlist ]