Update update-2024-11.md

Signed-off-by: Joel Marcey <[email protected]>
ossf · Nov 29, 2024 · 966ef9c · 966ef9c
1 parent 45ea607
commit 966ef9c
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/alpha/engagements/2024/Rust Foundation/update-2024-11.md b/alpha/engagements/2024/Rust Foundation/update-2024-11.md
@@ -26,6 +26,10 @@ A long standing issue for crates.io was that users could not see which "Rust Edi
 
 In June/July the crates.io team introduced RSS feeds for publishes on the package registry. This month, Tobias discovered that crate descriptions were not escaped properly. He fixed the issue in the upstream `quick-xml` and `rss` packages and then removed the temporary workaround within the crates.io codebase.
 
+### Build.rs security
+
+Work has begun on MVP test cases for unified build framework. Recall, Walter and Adam are spinning up an effort to see whether a safer framework can be built that will allow build.rs scripts to be replaced by a unified framework, meaning that build.rs scripts become more standardized in practice and easier to flag for review in the same manner as many organizations currently review all unsafe blocks in their dependency graphs.
+
 ### Backup Accounts
 
 Work is progressing on creating and implementing official backup accounts for all of Rust and crates.io.
@@ -50,4 +54,4 @@ The [Safety Critical Rust Consortium](https://github.com/rustfoundation/safety-c
 
 ## Threat Modeling
 
-Moved the links to these to the [README](./README.md) for persistent access.
+Moved the links to these to the [README](./README.md) for persistent access.