rust
Safeguard articles tagged "rust" — guides, analysis, and best practices for software supply chain and application security.
39 articles
Rust Memory Safety: A CVE Trend Analysis
Analysis of CVE data across Rust crates and std releases, measuring how memory safety affects vulnerability shape, density, and unsafe-block concentration.
Rust Supply Chain: cargo-vet Expansion in 2025
Mozilla and Google expanded cargo-vet's shared audit pool to 14,000 crates in Q1 2025. Here's how to adopt it without drowning in imports.
Rust Embedded Supply Chain Guide
Rust is moving into embedded production fast. The supply chain shape for firmware is different from server-side Rust — smaller trees, longer lifetimes, tighter regulations.
Dataflow Analysis in Modern Codebases
Dataflow analysis is the workhorse behind most vulnerability research. Here's how it adapts to TypeScript, Rust, and the polyglot realities of modern software.
Auditing Rust unsafe Code at Scale
How to actually audit unsafe blocks across a large Rust dependency graph without drowning in false positives or miss real issues.
Rust Procedural Macros: Security Risks
Proc macros are Rust code that runs at compile time with the privileges of the developer. They are one of the most underexamined pieces of the Rust supply chain.
Rust Crate Security: cargo audit, cargo vet and Beyond
cargo audit catches known-bad versions, cargo vet forces someone to actually read the code. What each tool covers, what neither covers, and how to run both without hating your CI.
Rust Feature Flags: Supply Chain Implications
Cargo feature flags look like a compilation convenience but they are a load-bearing piece of your supply chain posture. Here is why.
Rust Tokio Dependency Security Review
Tokio is the async runtime underneath most production Rust. A supply chain review of Tokio and the crates that orbit it — dependencies, CVE history, and what changes across versions.
Zig's Memory Safety Model: A Security Analysis for Systems Programmers
Zig offers memory safety features that C lacks but does not go as far as Rust. For security-critical code, understanding where Zig sits on the safety spectrum matters.
rust crates.io Security Model Reviewed
A look at how crates.io handles authentication, yanking, namespace squatting, and the supply chain risks that remain in mid-2024.
Rust Edition Migration Security Notes
Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.