Rust Foundation Focusing on Safety and Dev Outreach in 2023
It’s not surprising that Rust is growing and fast. Particularly since the U.S. government indirectly endorsed it recently.
“We’re in a growth period right now,” said Rebecca Rumbul, executive director and CEO of the Rust Foundation. “We’ve got the U.S. government standing up in front of people and saying you should use memory-safe languages like Rust as a default for specific kinds of projects, to ensure a good level of security. So we’ve gotten an awful lot of support and encouragement from people to come to Rust.”
The Rust community is more than 2 million developers today, building with nearly 100,000 crates or Rust compilations, according to the Foundation. Indeed, Stack Overflow’s survey of approximately 71,000 found it was the most loved language, topping the list with 87% “loved” and only 13 % saying it was “dreaded.”
“It’s a really useful and really performative language,” Rumbul said. “The versatility it provides, the speed and performance it provides, the safety it provides — it ticks a lot of boxes for a lot of people.”
Rust was created in 2006 and has been maintained within Mozilla until recently. The Rust Foundation is only 2 years old. Its first goal was to grow beyond its single sponsor to, well, more. Now it’s a global, cross-industry collaboration of 40 different corporations from every size and sector. That can be a gift and a curse, since it can leave maintainers burnt out while trying to support the influx of new users.
“We need to make sure that Rust can cope with that,” Rumbul told The New Stack. “It’s great having everyone turn up to the party, but we need to make sure that all of our infrastructure is able to cope with this, that our maintainers aren’t frazzled because of all of these new people asking for their advice and needing attention. Our priority is just to make sure that Rust can scale, but it can do so effectively without people burning out or without infrastructure falling over.”
The foundation holds the trademark to Rust but doesn’t dictate standards. That’s the work of the Rust open source project, a separate group that works with the foundation. Instead, the foundation’s focus is on security, education and coordination among those working with Rust.
A Building Year
The past year has been a building year for the Rust Foundation. It received $907,000 in cloud compute support from Fastly, AWS, Google and Microsoft. But much of its its focus was on adding staff, which until this past year was comprised of one person: Rumbul. A security engineer is among those added. Rust is known for being secure because of the way it handles memory. It’s one of several languages — along with Go, C#, Java, Ruby and Swift — considered “memory safe,” because it can help prevent programmers from introducing certain types of memory-related issues. That’s because the memory is managed automatically as part of the language, so that programmers don’t have to add special code for memory protections.
But memory issues aren’t the only way languages can be exploited. The Foundation’s goal is to bake more security features into the language without negatively affecting the developer experience, Rumbul added. Funding for the security push comes from the Alpha Omega Project, she said, which has made grants to organizations such as the Python Fundation and the Eclipse Foundation.
“Our security engineer is doing some threat modeling and doing a survey of the ecosystem to identify key areas that are potentially vulnerable. One of the other things is obviously looking at the integrity and the safety of our high-dependency crates and how we can ensure that we make it very difficult for people to act in a malicious way,” she said.
In the coming year, she hopes to be able to demonstrate the benefits of having a security resource at the Foundation.
“It’s very difficult sometimes to demonstrate its value because you’re trying to prove a negative all the time,” she said. “How do I know the security is working? Well, everything’s still there.”
Goal: Become More Strategic
The Foundation also oversees a community grant program that provides fellowships to do specific work on Rust. Last year, it awarded $710,000 in grants to support maintainers governing and building the Rust project. It also awarded $411,000 in funding to support Rust community projects.
“One of our ambitions is to make sure that we are more strategic with the kinds of things that we’re funding,” she said. “It’s going to be about ensuring that there is a coherence between what people want to be supported to do and the roadmaps for the actual project. Because yes, we want to make sure that as far as possible, these grants are helping bring people into the project, helping to increase our pool of maintainers. We really we need to sustain that pipeline.”
For the coming year, the Foundation wants to be a bit more strategic in ensuring that its grants and other efforts are “joined up” and moving in the same direction, which Rumbul believes will make a bigger impact on maintaining the community and ecosystem.
Rumbul also wants to develop educational materials and programs for Rust in the coming year.
“One of the things that’s limiting Rust’s growth at the moment is just we don’t have quite enough people to teach,” she said. “We don’t have quite enough resources for people to pick up and run with it. So we would definitely love to move into providing some of those materials and experiences as well.”
What Frontend/Web Developers Need to Know
Rust is still maturing and so there’s room for those interested in contributing to the open source language. Rust programmers, aka “Rustaceans,” interested in participating with the Rust project should first talk with others involved, advised Rumbul.
“The project leaders have a really good idea of what kind of work they would like to see,” she said. “Those grants hopefully are not just benefiting those individuals, but they’re benefiting everyone else in the ecosystem that uses it.”
As far as learning Rust, it’s generally not considered a good “first” language, but developers with some experience shouldn’t shy away.
“There’s been a bit of a myth actually,” she said. “Rust has a very, very steep learning curve for some people, but I don’t think it’s quite as bad as it’s been hyped to be. People can get productive in Rust reasonably quickly now. And one of the reasons people love Rust is that when you’re learning it, the compiler is very friendly.”
For resources, she suggested the Rust book online or the numerous YouTube videos Rustaceans have made.
The potential is still huge, as most industries are just now starting to experiment with Rust, she added.
“It’s already being discussed in automotive and safety-critical circles,” she said. “It’s got potential for things like aerospace; it’s got huge potential for things like utilities and finance. These industries, they’re understandably very careful about how they invest, but the conversations are happening, and I think there are quite a lot of organizations that are quietly experimenting at the moment, to see how they might want to deploy Rust.
“I can’t wait to see what I’m able to say in two or three years’ time. There’ll be a very different answer to that question, and probably too many examples to talk about at that point.”