I am stepping back from maintaining ‘cargo audit’
TL;DR: I will no longer be actively working on cargo audit and the RustSec security advisory database. I will continue working on my other…
Mar 5

Do not run any Cargo commands on untrusted projects
TL;DR: Treat anything starting with cargo as if it is cargo run.
Mar 3

How to avoid bounds checks in Rust (without unsafe!)
Featuring optimizer tricks, iterators and The Minimum Possible Bounds Check
Jan 17, 2023

The simpler alternative to GCC-RS
You really don’t need to rewrite the Rust compiler in C++ to get the benefits of GCC!
May 30, 2021

Smoke-testing Rust HTTP clients
Back in 2014 I was fetching frontpages of the top million websites to scan them for a particular vulnerability. Not only have I found…
Jan 16, 2020

Security as Rust 2019 goal
The goals and 2019 roadmap of Rust Secure Code Working Group
Jan 18, 2019

How I’ve found vulnerability in a popular Rust crate (and you can too)
I have recently discovered a zero-day vulnerability in a fairly popular and well-designed Rust crate. In this article I’m going to discuss…
Sep 28, 2018

How Rust’s standard library was vulnerable for years and nobody noticed
Rust is a new systems programming language that prides itself on memory safety and speed. The gist of it is that if you write code in Rust…
Aug 18, 2018

Auditing popular Rust crates: how a one-line unsafe has nearly ruined everything
Following the actix-web incident (which is fixed now, at least mostly) I decided to poke other popular Rust libraries and see what comes of…
Jul 19, 2018