The object of this document is to provide hints and recommendations for secure applications development using the Rust programming language.
It is not intended to be a course on how to write Rust programs, there are already plenty of good learning resources for this purpose (see the External references section below). The purpose is rather to guide the programmer and to inform them about certain pitfalls, especially in case they are involved in the development of applications with strong security requirements. These recommendations form a complement to the good level of trust the Rust language already provides. That said, recalls are sometimes necessary for clarity, and the experienced Rust programmer may rely solely on Recommendation or Warning inserts.
It is currently an ongoing version and all contributions are welcome.
$ cargo install mdbook
$ mdbook serve -o
At this time, this guide is intended to be a living document. It still lacks important points and details, and future versions of the language and compiler may render some recommendations obsolete. We are eager to discuss and to receive contributions from anyone who is aware of common or uncommon pitfalls to avoid, or good coding practices and tools that can help building more robust software with the Rust language.
Thus, feel free to create pull requests to suggest recommendations or modifications, or to submit an issue to start discussions. Specifically, please opt for a pull request for small changes like:
- complementing a paragraph,
- adding a small example in the form of code snippet,
- updating some information
- fixing typos and English mistakes,
- etc.
and for an issue in case of more substantive changes:
- suggesting a new recommendation,
- discussing controversial points,
- rewording a consistent part of the text,
- etc.
This document is published under the Open Licence 2.0.
One can also find an up-to-date list of various book resources about Rust and associated tools in the Rust documentation main page.