Crate security in 2025
2025-08-30, Room 1 (Main Room)

It's not a secret that supply chain security is a major concern in 2025. What tools are available to help us make informed decisions on the crates that we use in the Rust software we develop?


2024 shone an even brighter spotlight on the issue of supply chain security. Understanding the dependencies that we build on top of is crucial when building software that is both secure and trustworthy.

In this talk, I'll discuss the tools and techniques that are available to Rustaceans to understand their dependencies, evaluate them from both security and sustainability perspectives, and make informed decisions when building with Rust. I'll also touch on work that is taking place — across many organisations, including the Rust project itself, the Rust Foundation, OpenSSF, and the broader FOSS ecosystem — that is helping here, both for Rust specifically and more broadly for all users of FOSS.

Adam works as a security-focused software developer at the Rust Foundation working on ecosystem security, especially around improving supply chain security for crates.io and Rust releases.

Professionally, his history includes stints as a developer at New Relic, deviantART, and Sourcegraph, while his open source work includes being a project member of Rust and PHP.

In his spare time, he plays cricket, kayaks, speaks Spanish extremely badly, throws tennis balls for his golden retriever, and tries to convince people that his Australian accent is actually flawless Canadian.