Safeguard
Tag

rust

Safeguard articles tagged "rust" — guides, analysis, and best practices for software supply chain and application security.

39 articles

Open Source Security

Rust Memory Safety: A CVE Trend Analysis

Analysis of CVE data across Rust crates and std releases, measuring how memory safety affects vulnerability shape, density, and unsafe-block concentration.

Jul 30, 20255 min read
Open Source Security

Rust Supply Chain: cargo-vet Expansion in 2025

Mozilla and Google expanded cargo-vet's shared audit pool to 14,000 crates in Q1 2025. Here's how to adopt it without drowning in imports.

Apr 15, 20255 min read
Open Source Security

Rust Embedded Supply Chain Guide

Rust is moving into embedded production fast. The supply chain shape for firmware is different from server-side Rust — smaller trees, longer lifetimes, tighter regulations.

Dec 18, 20246 min read
Vulnerability Management

Dataflow Analysis in Modern Codebases

Dataflow analysis is the workhorse behind most vulnerability research. Here's how it adapts to TypeScript, Rust, and the polyglot realities of modern software.

Nov 18, 20248 min read
Open Source Security

Auditing Rust unsafe Code at Scale

How to actually audit unsafe blocks across a large Rust dependency graph without drowning in false positives or miss real issues.

Nov 18, 20247 min read
Open Source Security

Rust Procedural Macros: Security Risks

Proc macros are Rust code that runs at compile time with the privileges of the developer. They are one of the most underexamined pieces of the Rust supply chain.

Oct 28, 20246 min read
Engineering

Rust Crate Security: cargo audit, cargo vet and Beyond

cargo audit catches known-bad versions, cargo vet forces someone to actually read the code. What each tool covers, what neither covers, and how to run both without hating your CI.

Sep 20, 20246 min read
Open Source Security

Rust Feature Flags: Supply Chain Implications

Cargo feature flags look like a compilation convenience but they are a load-bearing piece of your supply chain posture. Here is why.

Sep 12, 20247 min read
Open Source Security

Rust Tokio Dependency Security Review

Tokio is the async runtime underneath most production Rust. A supply chain review of Tokio and the crates that orbit it — dependencies, CVE history, and what changes across versions.

Aug 22, 20246 min read
Language Security

Zig's Memory Safety Model: A Security Analysis for Systems Programmers

Zig offers memory safety features that C lacks but does not go as far as Rust. For security-critical code, understanding where Zig sits on the safety spectrum matters.

Aug 22, 20246 min read
Open Source Security

rust crates.io Security Model Reviewed

A look at how crates.io handles authentication, yanking, namespace squatting, and the supply chain risks that remain in mid-2024.

Jul 14, 20246 min read
Best Practices

Rust Edition Migration Security Notes

Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.

Jun 8, 20247 min read
rust (Page 2) — Safeguard Blog