This repository has been archived by the owner on Jan 16, 2025. It is now read-only.

Publish Feb 2024 Security Initiative Report (#486)
* Added 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

* Added 'static/publications/security-initiative-report-february-2024.pdf' via CloudCannon

* Updated 2 files via CloudCannon.

* Updated 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

* Updated 1 file via CloudCannon.

---------

Co-authored-by: Gracie Gregory <[email protected]>
cloudcannon[bot] and graciegregory authored Feb 16, 2024
1 parent 29339b9 commit 015e411
Showing 4 changed files with 20 additions and 2 deletions.
Expand Up @@ -29,7 +29,7 @@ The Rust Foundation invites you to download its first Security Initiative Report

Rust Foundation Executive Director & CEO Rebecca Rumbul said the following about the Security Initiative and the new report:

> *“I am pleased to share the Rust Foundation’s first Security Initiative Report, detailing the impressive accomplishments of the program between December 2022 and July 2023. The collaboration between our Technology Team and the Rust Project Teams and Working Groups has resulted in many new developments that will contribute to a more safe and secure Rust language and ecosystem.&nbsp;*
> *“I am pleased to share the Rust Foundation’s first Security Initiative Report, detailing the impressive accomplishments of the program between December 2022 and July 2023. The collaboration between our Technology Team and the Rust Project Teams and Working Groups has resulted in many new developments that will contribute to a more safe and secure Rust language and ecosystem.*&nbsp;
>
> *At the Rust Foundation, we are committed to investing responsibly in Rust for the common good. Better security auditing, automation, and tooling means that both seasoned Rust users and new Rust adopters can have confidence that their Rust code is as safe and secure as it can be. At scale, this means better software for everyone.*
>
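
Review bot: The trailing `&nbsp;` on the changed quote line is moved rather than removed; it now sits after the closing `*` at the very end of the line, where it has no visible effect. Drop the entity so the line ends at `ecosystem.*`, and check whether the editor that produced it has left the same artifact on other lines of this post.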
@@ -0,0 +1,15 @@
---
title: Second Security Initiative Report Details Rust Security Advancements
byline: The Rust Foundation
description: "The Rust Foundation’s Security Initiative was created in 2022 to support security improvements to the Rust programming language ecosystem. In a second progress report, the Foundation details recent Rust security focus areas, accomplishments, and priorities.\_"
date: 2024-02-15T17:00:00Z
tags:
- announcement
- security initiative
- foundation
index: false
layout: layouts/news.njk
---
DOVER, DELAWARE, USA - February 15, 2024 – The&nbsp;[<u>Rust Foundation</u>](https://foundation.rust-lang.org/), an independent non-profit dedicated to stewarding the&nbsp;[<u>Rust</u>](https://www.rust-lang.org/)&nbsp;programming language, today released a second report detailing the&nbsp; accomplishments of their Security Initiative – an effort to advance the state of security within the Rust programming language ecosystem.&nbsp;

<div><p>The Rust Foundation&nbsp;<a href="https://foundation.rust-lang.org/news/2022-09-13-rust-foundation-establishes-security-team/"><u>announced its Security Initiative</u></a>&nbsp;in September 2022 with a mission to support and advance the state of security within the Rust Programming language ecosystem. Inaugural support from&nbsp;<a href="https://openssf.org/community/alpha-omega/"><u>OpenSSF’s Alpha-Omega project</u></a>&nbsp;and Rust Foundation Platinum Member,&nbsp;<a href="https://aws.amazon.com/"><u>AWS</u></a>&nbsp;allowed the Foundation to build out its Technology Team (led by the Foundation's Director of Technology, Joel Marcey) in Q1 of 2023 with dedicated security and software engineering expertise. Additional in-kind support from <a href="https://jfrog.com/"><u>JFrog</u></a>&nbsp;and Rust Foundation Platinum Member&nbsp;<a href="https://google.com/"><u>Google</u></a>&nbsp;and infrastructure support from&nbsp;<a href="https://www.wiz.io/"><u>Wiz</u></a>&nbsp;provided the Security Initiative with the necessary resources to carry out impactful work.&nbsp; The Security Initiative requires close collaboration with many Rust Project leaders and working groups.</p><p>In July 2023, the Rust Foundation released its first report on the Security Initiative. Today, they released a new publication covering work carried out in the latter half of 2023. 
Accomplishments during this period include:</p><div><div><div><ul><li>Completing and releasing Rust Infrastructure and Crates Ecosystem threat models</li><li>Further developing Rust Foundation open source security project <a href="https://github.com/rustfoundation/painter">Painter</a> and releasing new security project, <a href="https://github.com/rustfoundation/typomania">Typomania</a>.</li><li>Utilizing new tools and best practices to identify and address malicious crates</li><li>Helping reduce technical debt within the Rust Project, producing/contributing to security-focused documentation, and elevating security priorities for discussion within the Rust Project.</li></ul><p>... and more!</p></div></div></div><p>The Rust Foundation invites you to download its second Security Initiative Report to learn more about the focus areas and achievements under this effort in Q3 and 4 of 2023.&nbsp;</p><h3><a href="https://foundation.rust-lang.org/static/publications/security-initiative-report-february-2024.pdf"><u>&gt; &gt; Download the Second Security Initiative Report&nbsp;</u></a>&nbsp;</h3><p> </p><p>The Rust Foundation’s Security Initiative is made stronger and more sustainable through diverse corporate sponsorship, and the Foundation is actively seeking contributions from corporations to enable them to continue this vital work into the future. 
Please contact the Rust Foundation to learn how to support the Security Initiative at&nbsp;<a href="mailto:[email protected]"><u>[email protected]</u></a>.</p><p>For more about the Rust Foundation and to stay up to date on forthcoming activities, visit the organization's&nbsp;<a href="https://foundation.rust-lang.org/"><u>website</u></a>,&nbsp;<a href="https://twitter.com/rust_foundation"><u>Twitter</u></a>, and&nbsp;<a href="https://www.linkedin.com/company/rust-foundation/"><u>LinkedIn</u></a>&nbsp;profiles.</p><h2>About the Rust Foundation&nbsp;</h2><p>The Rust Foundation is an independent non-profit organization dedicated to stewarding the Rust programming language, nurturing the Rust ecosystem, and supporting the set of maintainers governing and developing the project. Learn more at&nbsp;<a href="http://foundation.rust-lang.org/"><u>rustfoundation.org</u></a>.</p></div>
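
Review bot: In the closing "About the Rust Foundation" paragraph the link points at `http://foundation.rust-lang.org/` while every other link to that site in this file uses `https://`, and its visible text reads rustfoundation.org, which is a different domain from the href; switch it to `https://` and make the link text match the target. In the front matter, `description` ends with `\_`, which in a double-quoted YAML string is an escaped non-breaking space, so remove it. The body also carries editor markup worth cleaning before merge: `<u>` inside every link, scattered `&nbsp;` entities, three nested attribute-less `<div>` wrappers around the list, and an empty `<p> </p>`.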
5 changes: 4 additions & 1 deletion resources.njk
Expand Up @@ -21,10 +21,13 @@ eleventyNavigation:
</h3></ul>
<br>
<h3>Security Initiative Reports</h3>
<div>In 2023, we began releasing detailed reports on the accomplishments, goals, and recent developments of our Security Initiative. We will add future installments of the Security Initiative Report as they become available.</div>
<div>In 2023, we began releasing detailed reports on the accomplishments, goals, and recent developments of our Security Initiative. We will add future installments of the Security Initiative Report to this page as they become available.</div>
<ul>
<h3><a href="https://foundation.rust-lang.org/static/publications/security-initiative-report-july-2023.pdf">>> July 2023 Security Initiative Report</a>
</h3></ul>
<ul>
<h3><a href="https://foundation.rust-lang.org/static/publications/security-initiative-report-february-2024.pdf">>> February 2024 Security Initiative Report</a>
</h3></ul>
</section>

<section class="container">
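
Review bot: The added February 2024 block puts an `<h3>` directly inside a `<ul>` with no `<li>`, repeating the pattern of the July 2023 entry above it; a `<ul>` expects `<li>` children, so list both reports as `<li>` items of one `<ul>` instead of adding a second single-entry list. The link text also uses a raw `>>`, whereas the news post added in this same commit writes it as `&gt; &gt;`; escape it here as well for consistency.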
Binary file not shown.
