JFrog Collaborates with the Rust Foundation to Root-out Open Source Software Vulnerabilities

PRESS RELEASE, September 13, 2022

JFrog Security Research team helps further harden developers’ “most loved language” with security expertise, vulnerability data, and ongoing investigation of emerging threats

JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today announced a new initiative with the Rust Foundation, an independent non-profit organization that stewards the Rust programming language, focused on identifying and eliminating security threats to the Rust platform and ecosystem. Starting immediately, the JFrog Security Research team will provide access to information on known software vulnerabilities, ongoing threat research, and dedicated developer resources to proactively amend discovered Rust platform issues to prevent future risk.  

“Securing the software supply chain can’t be achieved with a one-time effort – it requires ongoing commitment, plus a multi-layered approach, and we believe memory-safe languages play a big role in that plan,” said Stephen Chin, VP of Developer Relations at JFrog. “By working hand-in-hand with the Rust Foundation, we can ensure this cornerstone programming language remains a recommended best practice in the development of modern, secure software.” 

Removing Root Causes of Software Vulnerabilities 

A study by Google indicated memory safety issues have represented almost the same proportion of security vulnerabilities designated as critical vulnerability exposures (CVEs) for over a decade. The Rust programming language – which SlashData boasts has tripled its usage to 2.2 million developers over the past two years – was designed from the ground up to be both memory-safe and high-performance. This means the language does not allow users to access memory they aren’t permitted to access, significantly reducing their ability to unknowingly inject malicious code that could make the language insecure.

For this reason, Rust has been identified as a “critical open source software project” by the Open Source Security Foundation (OpenSSF) and granted support under the OpenSSF’s Alpha-Omega Project to help identify new and as-yet-undiscovered vulnerabilities to improve Rust’s security posture. The inherent stability and performance of Rust, coupled with JFrog’s advanced security tools, research, and expertise, will help safeguard the Rust language over time. 

“We’re thrilled to have JFrog’s support in proactively improving Rust’s security and design principles so developers can have greater peace of mind when they code,” said Bec Rumbul, Executive Director, Rust Foundation. “I believe this investment will keep Rust safe, secure, and sustainable, enabling new use cases and wider industry adoption.” 

JFrog and its Security Research team are the latest additions to a growing list of technology companies on the Rust Foundation Board of Directors, including Microsoft, Huawei, Google, AWS, and Mozilla. JFrog’s Rust membership adds to the company’s long list of open-source security initiatives, such as Pyrsia, Frogbot, status as a board member for the OpenSSF, and more. To learn more about JFrog’s dedication and community contributions to securing the software supply chain, read this blog or visit https://jfrog.com/community/.

###

About JFrog

JFrog Ltd. (NASDAQ: FROG) is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back. Learn more at jfrog.com and follow us on Twitter: @jfrog.

Cautionary Note About Forward-Looking Statements

This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws. These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions, and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement.

There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2021, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.

Media Contact:

Siobhan Lyons, Sr. MarComm Manager, JFrog, siobhanL@jfrog.com 

Investor Contact: 

Jeff Schreiner, VP of Investor Relations, jeffS@jfrog.com