Understanding Vulnerability Analysis in the Rust Programming Language
Software Engineering Institute
While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities–and malicious software that can take advantage of those vulnerabilities. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Garret Wassermann, researchers with the SEI's CERT Division, explore tools for understanding vulnerabilities in Rust whether the original source code is available or not. These tools are important for understanding malicious software where source code is often unavailable, as well as commenting on possible directions in which tools and automated code analysis can improve.
About the Speaker
David Svoboda is a software security engineer at the CERT Division of the Software Engineering Institute. He co-authored or contributed to four books, including The SEI CERT C Coding Standard and The CERT Oracle Secure Coding Standard for Java. He also maintains the SEI CERT Coding Standards wiki and has …Read more
Garret Wassermann is an SEI alumni employee.
Garret Wassermann is a vulnerability analyst in the CERT Division at the SEI. His research interests include development of programming-language and static-analysis tools for vulnerability discovery and software system verification. Previously, he taught mathematics, physics, and computer science courses as an adjunct instructor …Read more