Backend Sep 16, 2025

An intro to the world of auditing Rust code

Your Rust code may be memory safe and the tests may pass, but that doesn't mean there can't be security vulnerabilities. Put your adversarial hat on and join Morgan Hill, an independent security consultant, on a bug-hunting journey as we sharpen our testing tools.

Rust and its ecosystem of crates are very safety- and soundness-oriented. This poses a challenge to auditors and bug hunters: there tends not to be the usual string of null pointer dereferences, buffer overruns, or parsing bugs to fill a report with. More involved, application-level thinking is required, and it yields fewer issues. When a bug is found in Rust, we are at least rewarded by it being interesting.