rust-security
Safeguard articles tagged "rust-security" — guides, analysis, and best practices for software supply chain and application security.
11 articles
Rust Supply Chain Security: build.rs, Typosquatting, and Auditing crates.io
Rust's borrow checker guarantees memory safety in your code — and nothing about the crates you pull in. A cargo build runs arbitrary code at compile time, before any safe code executes.
Type-safe languages and their security benefits
Type safety eliminates entire CVE classes, not one bug at a time. Here's what the Microsoft, Google, and CISA data actually shows about the security payoff.
Rust Security Explained
Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.
Cargo supply chain attacks: typosquatting and malicious c...
Crates.io typosquatting tricks Rust developers into pulling malicious crates instead of trusted ones. Here's how these attacks work — and how to spot them before you build.
Using cargo-audit and the RustSec Advisory Database to ca...
A hands-on cargo-audit tutorial: scan Rust dependencies against the RustSec advisory database, interpret results, and block vulnerable crates before they ship.
Auditing unsafe Rust FFI boundaries for memory corruption...
A step-by-step rust ffi security audit: map unsafe boundaries, fuzz with cargo-fuzz, run Miri and sanitizers, and verify ownership to catch memory corruption before shipping.
Cargo.lock integrity and reproducible builds as a supply ...
Cargo.lock pins your dependency tree, but only reproducible builds prove the binary you ship matches the source you reviewed and approved.
Malicious Rust crates found on crates.io
Malicious crates keep surfacing on crates.io, from the rustdecimal typosquat to build-script payload attacks. Here's how the pattern works and how to defend against it.
Unsafe Rust code vulnerability patterns
RustSec advisories tied to unsafe code keep climbing. Here's how unsound FFI, transmute misuse, and unchecked indexing become real exploits.
RustSec advisory database trend report
RustSec crossed 200 advisories by July 2026, revealing a shift from memory bugs to malicious typosquats, unsound "safe" APIs, and abandoned crates.
Typosquatting on crates.io report
Safeguard's research team scanned all of crates.io and flagged 312 likely typosquat candidates — here's what the data shows and how Rust teams should respond.