Cryptographers engage in war of words over RustSec bug reports and subsequent ban

A prominent cryptographer, Nadim Kobeissi, has been at odds with Rust security maintainers over his claims of critical bugs in Rust cryptography libraries, which he has been trying to address since February. The maintainers have reportedly dismissed and ignored his vulnerability reports, ultimately banning him from Rust security channels. Kobeissi's efforts to get code fixes applied have been met with resistance, sparking a heated debate over the handling of bug reports and the security of Rust's cryptography ecosystem¹. The dispute highlights the challenges of ensuring the security of open-source projects, particularly those critical to emerging technologies. Kobeissi's claims, if valid, could have significant implications for the security of Rust-based applications. So what matters to practitioners is that the outcome of this debate will set a precedent for how vulnerability reports are handled in the Rust community, impacting the security posture of countless projects that rely on Rust's cryptography libraries.