Programming Rules to Develop Secure Applications With Rust

Rust is a multi-paradigm language, one of whose objectives is to resolve the conflict between high-level ergonomics and fine-grained memory management. Among the many constructions and features it offers, however, some can lead to the introduction of programming errors. In the context of developments with strong security requirements, defining restrictions and good practices for the use of the language and its ecosystem tooling is necessary in order to take full advantage of the safety guarantees Rust has to offer.

Published 09 June 2020. Updated 09 June 2020.

The purpose of this guide is to compile rules, recommendations and good practices for implementing programs in the Rust language, allowing one to benefit from the variety of possibilities this language offers while staying, as much as possible, in a safe zone for the development of secure applications. This guide aims to achieve several goals:

  • reinforce the security, quality and reliability of the produced source code by identifying bad or dangerous programming practices, as well as good practices for the use of the Rust ecosystem's tools;
  • improve the readability of the code for source code analysis through peer review;
  • establish a level of trust in the security, reliability and robustness of a development;
  • support the maintainability of software, as well as the addition of features.