Prossimo

Replumbing the Internet 🌐 Until the mid-1980s, many buildings were built with lead pipes – the best and most cost efficient option available at the time. However, once the health hazards associated with lead contamination were widely recognized, communities and advocacy groups pushed for initiatives to address the issue and replace lead pipes with safer alternatives. Similarly, the Internet was built using memory unsafe programming languages, the best option available at the time. For years we have known that memory safety bugs account for nearly 70% of all vulnerabilities, leading to errors and dangerous data breaches. In essence, just as lead pipes posed a threat to public health, memory safety vulnerabilities endanger digital security. Buffer overflows, a common consequence of memory safety lapses, act as conduits for data breaches, leaking sensitive information and compromising system integrity. Prossimo aims to help “replumb the Internet” by transitioning security-sensitive software infrastructure to memory safe code. Together with our community of developers, maintainers, advisors, and funders we’re working to build a more secure and privacy-respecting Internet for everyone, everywhere. memorysafety.org

2024 has been a big year for Prossimo! 🥳 We made a lot of progress towards #MemorySafety for critical Internet infrastructure, from deploying ntpd-rs in @LetsEncrypt to making #Rustls a high performance alternative to OpenSSL. Read through some of our most exciting blog posts and get inspired for 2025. 🎉 🌊 Announcing River, a high performance and memory safe reverse proxy built on Pingora. Read here: https://lnkd.in/g_k7JN7N 🌏 A readout from Tectonics: Challenges and solutions for moving forward with memory safety for critical Internet infrastructure. Read here: https://lnkd.in/drweqDpd 🤝 Growing attention and support for the solvability of memory safety by Cybersecurity and Infrastructure Security Agency and Craig Newmark. Read here: https://lnkd.in/g_3WH6nu 💡 Rustls gains OpenSSL and Nginx compatibility, enabling Nginx users to easily switch from OpenSSL to Rustls for better security. Read here: https://lnkd.in/gQm_9psM 🔐 Deploying memory safe ntpd-rs in Let’s Encrypt. Read here: https://lnkd.in/gbNHS73k 🔅 Memory safe River now supports load balancing, rate limiting, graceful reloads, and more. Read here: https://lnkd.in/guUSw_3E 🚀 Rustls outperforms both OpenSSL and BoringSSL. Read here: https://lnkd.in/gr8vmzRX 🛡️ Security-sensitive industries move to memory safety by adopting Rustls. Read here: https://lnkd.in/gZKcyCpA 📩 A note from our Executive Director: Reflecting on a decade of growth, innovation, and impact at ISRG. Read here: https://lnkd.in/gh4fwXYV

More than half (52%) of critical open source projects have code written in an memory unsafe language. 😱 In a report released earlier this year Cybersecurity and Infrastructure Security Agency (CISA) analyzed a list of 172 projects derived from the OpenSSF List of Critical Projects, which include operating system kernels and drivers, cryptography, and networking. Speaking to James Coker of the Infosecurity Magazine, CISA Senior Technical Advisor Jack Cable comments, “We continue seeing many of the most dangerous exploits leveraging memory safety vulnerabilities.” Read the full article: https://lnkd.in/gSe7Gkf6

#ICYMI Recent updates to Linux 6.13 are paving the way to add more upstream Rust drivers to the Linux kernel, which is exciting news for #MemorySafety! 🎉 We have been supporting the Rust for Linux project’s Miguel Ojeda since 2022 and we are thrilled to see this progress. Congratulations, Miguel and team! The Linux kernel’s Greg Kroah-Hartman explains: "rust misc driver bindings and other rust changes to make misc drivers actually possible. I think this is the tipping point, expect to see way more rust drivers going forward now that these bindings are present… Next merge window hopefully we will have pci and platform drivers working, which will fully enable almost all driver subsystems to start accepting (or at least getting) rust drivers. This is the end result of a lot of work from a lot of people, congrats to all of them for getting this far, you've proved many of us wrong in the best way possible, working code :)” Read more in this post by Michael Larabel of Phoronix: https://lnkd.in/gW_KGZHJ

Grateful to Common Good Cyber for helping spread the word about Prossimo and #MemorySafety! 👏

Yep it’s technical, but it’s definitely not boring! Especially when we’re talking about #Rustls. Our investments in the #MemorySafe TLS library these past few years have brought us to a point where Rustls is a high-performance, memory safe alternative to OpenSSL. Next step? Grow adoption! 🌐 Read all about it in our annual report: https://lnkd.in/ghPT6zZX

Our 2024 annual report is now available! 🎉 Read it in full here: https://lnkd.in/gcsdrdhg This year we’ve made great strides towards creating a more secure and privacy-respecting Internet for everyone. From reaching the milestone of Let’s Encrypt serving 500 million active domains to Prossimo’s work with #Rustls, we’re proud of all we accomplished. Thank you to everyone who has been a part of making our global impact possible. 👏 🌏 Want to help? Consider making a donation today! https://lnkd.in/gh5gNNe

Organizations like 1Password, Google Fuchsia, and Fly.io are leading the way in #MemorySafety by adopting #Rustls. We’re thrilled to share that FIS, a leading global fintech firm whose services underpin a huge portion of the financial world, has joined that list! 👏 With the Rustls OpenSSL compatibility layer for Nginx, FIS was able to make the switch in just a few hours - no modifications or recompilation needed. Moving to Rustls is an excellent response to the recent cross-industry call from the Office of the National Cyber Director, The White House for companies to add memory safety to their roadmaps. If you’re running Nginx and are able to dedicate a few hours of engineering time like FIS did, your memory safety roadmap could have one item marked as ✅ in 2024. 🌐 Learn more in our latest blog post: https://lnkd.in/gZKcyCpA

We’re proud of the work that Ferrous Systems GmbH has been doing to improve the security and resilience of memory safe #HickoryDNS! Hickory-dns is a suite of DNS tools to run authoritative name servers and recursive resolvers (formerly known as trust-dns). We approached Ferrous Systems about this work about a year ago, and we couldn’t be happier with the results. Some of the recent improvements include: 🔹 DNSSEC validation (RFC 4035) and NSEC3 support (RFC 5155) have been successfully expanded or added to improve Hickory’s security and resilience. 🔹 Introduction of a conformance test suite to show concrete progress on the implementations themselves. 🔹 Previously unidentified bugs and issues were found and fixed. We’re grateful to Sovereign Tech Agency for funding this initiative and for the collaboration with Dirkjan Ochtman, Marcus Butler, and Hickory’s maintainer, Benjamin Fry! Read the full blog post: https://lnkd.in/gRa4yP9C