Understanding Vulnerabilities in the Rust Programming Language
ฝัง
- เผยแพร่เมื่อ 7 มิ.ย. 2023
- While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities-and malicious software that can take advantage of those vulnerabilities. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Garret Wassermann, researchers with the SEI's CERT Division, explore tools for understanding vulnerabilities in Rust whether the original source code is available or not. These tools are important for understanding malicious software where source code is often unavailable, as well as commenting on possible directions in which tools and automated code analysis can improve.
#Rust, #programming, #vulnerabilities, @TheSEICMU
The SEI Podcast Series is available sei.cmu.edu/podcasts and on the following channels:
Apple Podcasts: podcasts.apple.com/us/podcast...
Google Podcasts: podcasts.google.com/?feed=aHR...
TuneIn: tunein.com/podcasts/Technolog...
SoundCloud: / cmu-sei-podcasts
Stitcher: www.stitcher.com/podcast/soft...
Spotify: open.spotify.com/show/1CAKTiV... - วิทยาศาสตร์และเทคโนโลยี
![[ไฮไลต์] แบดมินตันชาย SHI Yu Qi (จีน) vs วิว กุลวุฒิ (ไทย) รอบ 8 คน | โอลิมปิก 2024](http://i.ytimg.com/vi/f7z7taforOM/mqdefault.jpg)
Awesome ;)
What portion of those known vulnerabilities are related to unsafe block ?
Re: rust maturity. Although Rust has pretty strong guarantees that the stable version will not change too much or you can at least still compile old code, my own experience is many of the dependencies required unstable rust and the dependencies changed so fast that I spent a large amount of time dealing with dependency issues. But this is not unique to rust. As projects age in almost any language there is a need to update dependencies, but in my particular case it was a lot harder to do so in rust than my experience elsewhere.
Dave Svoboda and I are kindred spirits! After decades of writing code for a living, I finally, belatedly learned that security is fundamental. I am now an evangelist.