An intro to the world of auditing Rust code

By Morgan Hill

Talk - Thursday, 18 September, 9:45

Your Rust code may be memory safe and the tests may pass, but that doesn't mean there can't be security vulnerabilities. Put your adversarial hat on and join me on a bug-hunting journey as we sharpen our testing tools. Rust and its ecosystem of crates are very safety- and soundness-oriented. This poses a challenge to auditors and bug hunters. There doesn't tend to be the usual string of null pointer dereferences, buffer overruns, or parsing bugs to fill reports. More involved application-level thinking is required to collect fewer issues. When a bug is found in Rust, we are at least rewarded by it being interesting.

Speaker

Morgan Hill

Morgan is a freelance security consultant with a strong focus on Rust. He has helped a variety of commercial and community projects understand the subtlety of securing their applications. He picked Rust because it challenges him to find bugs in an ecosystem focused on correctness.