This is a really good point for a language that is largely advertised as being more secure due to the borrow checker.
Rust Programming
I dunno about stdx as a solution. It's just not a big enough list.
At work we build a big java thing and we:
- Manually import all dependencies, including transitive dependencies.
- Bless them by committing their hash to our repo. I think the cargo lock file does something similar.
- Audit the dependencies by hand. Sometimes that's reading them all and sometimes that's less. Honestly, it's often less. A few times it's being members of the upstream community.
- Don't allow running as root
- Drop all permissions we don't need with seccomp including reading a bunch of stuff
- Sandbox each thread based on what's on the stack. Untrusted code can do less stuff.
It's still not enough. But it helps.
Maybe a web of trust for audited dependencies would help. This version of this repo under this hash. I could see stdx stuff being covered by the rust core folks and I'm sure some folks would pay for bigger webs. We pay employees to audit dependencies. Sharing that cost via a trusted third party or foundation or something feels eminently corporate. Maybe even possible.
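The "bless them by committing their hash" step above, as an added example that is not from the thread or from any poster's code: a checker that parses a Cargo.lock and refuses the build unless every registry crate appears in a committed allowlist with exactly the blessed checksum. Cargo.lock already records a checksum per registry package, which is the "does something similar" part; what the lockfile does not do is say who audited that checksum, so the allowlist (here the `BLESSED` dict, an assumed name) is the record of that audit. The lockfile excerpt and all checksum values are constructed placeholders, not real crate hashes.

```python
"""Audit a Cargo.lock against a committed allowlist of blessed checksums.

Added example (not from the thread). Every crate fetched from a registry must
be listed in BLESSED with the exact checksum an auditor signed off on;
anything missing, or present with a different checksum, fails the build.
"""
import re
from dataclasses import dataclass, field

# Constructed Cargo.lock excerpt. Checksums are placeholders, not real values.
LOCKFILE = """\
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "app"
version = "0.1.0"
dependencies = [
 "serde",
 "smallvec",
]

[[package]]
name = "serde"
version = "1.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "deadbeef0001"

[[package]]
name = "smallvec"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "deadbeef0002"

[[package]]
name = "leftpad"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "deadbeef0003"
"""

# Constructed allowlist, (name, version) -> blessed checksum, committed next to
# Cargo.lock. smallvec was blessed at a different checksum than the lockfile
# now carries; leftpad was never audited at all.
BLESSED = {
    ("serde", "1.0.100"): "deadbeef0001",
    ("smallvec", "1.8.0"): "deadbeefffff",
}

# Matches the scalar `key = "value"` lines inside a [[package]] table.
_KV = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')


def parse_lockfile(text):
    """Return one dict per [[package]] entry holding its scalar string fields.

    Multi-line `dependencies = [...]` arrays are skipped on purpose; only
    name, version, source and checksum matter for the audit.
    """
    packages = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            current = {}
            packages.append(current)
            continue
        m = _KV.match(line)
        if current is not None and m:
            current[m.group(1)] = m.group(2)
    return packages


@dataclass
class AuditReport:
    ok: list = field(default_factory=list)
    unblessed: list = field(default_factory=list)   # not in the allowlist
    mismatched: list = field(default_factory=list)  # blessed at another checksum

    @property
    def passed(self):
        return not self.unblessed and not self.mismatched


def audit_lockfile(lock_text, blessed):
    """Compare every external package in the lockfile with the allowlist."""
    report = AuditReport()
    for pkg in parse_lockfile(lock_text):
        if "source" not in pkg:
            continue  # workspace member: our own code, nothing to bless
        key = (pkg["name"], pkg["version"])
        expected = blessed.get(key)
        checksum = pkg.get("checksum")  # git sources carry no checksum
        if expected is None or checksum is None:
            report.unblessed.append(key)
        elif expected != checksum:
            report.mismatched.append(key)
        else:
            report.ok.append(key)
    return report


if __name__ == "__main__":
    result = audit_lockfile(LOCKFILE, BLESSED)
    for name, version in result.mismatched:
        print(f"CHECKSUM MISMATCH: {name} {version}")
    for name, version in result.unblessed:
        print(f"UNAUDITED: {name} {version}")
    raise SystemExit(0 if result.passed else 1)
```

Run it as a pre-build or CI gate; a mismatch means the lockfile was updated without a fresh audit, and an unaudited entry means a transitive dependency crept in that nobody has read. Tools like cargo-vet formalize the same idea, with the allowlist living in `supply-chain/` and audits that can be imported from other organizations.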
You might be onto something here.
Maybe a web of trust for audited dependencies would help. This version of this repo under this hash.
It'll probably please you to know that the alternative lib.rs frontend for the crates repository integrates both cargo-vet and cargo-crev data via an "Audit" tab that appears on the pages for crates that have such information.