Safeguard
Tag

rust-security

Safeguard articles tagged "rust-security" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Security Guides

Rust Supply Chain Security: build.rs, Typosquatting, and Auditing crates.io

Rust's borrow checker guarantees memory safety in your code — and nothing about the crates you pull in. A cargo build runs arbitrary code at compile time, before any safe code executes.

Jul 8, 20267 min read
Application Security

Type-safe languages and their security benefits

Type safety eliminates entire CVE classes, not one bug at a time. Here's what the Microsoft, Google, and CISA data actually shows about the security payoff.

May 20, 20267 min read
Industry Analysis

Rust Security Explained

Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.

Feb 22, 20266 min read
Supply Chain Attacks

Cargo supply chain attacks: typosquatting and malicious c...

Crates.io typosquatting tricks Rust developers into pulling malicious crates instead of trusted ones. Here's how these attacks work — and how to spot them before you build.

Feb 5, 20267 min read
Open Source Security

Using cargo-audit and the RustSec Advisory Database to ca...

A hands-on cargo-audit tutorial: scan Rust dependencies against the RustSec advisory database, interpret results, and block vulnerable crates before they ship.

Feb 5, 20267 min read
Industry Analysis

Auditing unsafe Rust FFI boundaries for memory corruption...

A step-by-step rust ffi security audit: map unsafe boundaries, fuzz with cargo-fuzz, run Miri and sanitizers, and verify ownership to catch memory corruption before shipping.

Feb 5, 20268 min read
Software Supply Chain Security

Cargo.lock integrity and reproducible builds as a supply ...

Cargo.lock pins your dependency tree, but only reproducible builds prove the binary you ship matches the source you reviewed and approved.

Feb 5, 20268 min read
Open Source Security

Malicious Rust crates found on crates.io

Malicious crates keep surfacing on crates.io, from the rustdecimal typosquat to build-script payload attacks. Here's how the pattern works and how to defend against it.

Nov 11, 20257 min read
Open Source Security

Unsafe Rust code vulnerability patterns

RustSec advisories tied to unsafe code keep climbing. Here's how unsound FFI, transmute misuse, and unchecked indexing become real exploits.

Nov 11, 20257 min read
Open Source Security

RustSec advisory database trend report

RustSec crossed 200 advisories by July 2026, revealing a shift from memory bugs to malicious typosquats, unsound "safe" APIs, and abandoned crates.

Nov 11, 20258 min read
Open Source Security

Typosquatting on crates.io report

Safeguard's research team scanned all of crates.io and flagged 312 likely typosquat candidates — here's what the data shows and how Rust teams should respond.

Nov 10, 20257 min read
rust-security — Safeguard Blog