by gousiosg
2700 days ago
Here is some recent research where we are trying to solve the security and update issues in Rust/Cargo: https://pure.tudelft.nl/portal/files/46926997/main2.pdf TLDR: it boils down to analysing dependencies at the level of the call graph; but building those call graphs isn't easy. The benefit in the security use case is ~3x increased accuracy when identifying vulnerable packages (by eliminating false positives).
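The difference between package-level and call-graph-level vulnerability matching that the comment refers to, as an added illustration that is not code from the comment author or from the linked paper. The crate names, function names and the call graph itself are constructed for the example; the graph would normally be extracted from compiled crates, which is the hard part the comment mentions. A package-level check flags every crate that contains a known-vulnerable function, while the call-graph check only flags vulnerable functions actually reachable from the application's entry point.

```rust
use std::collections::{HashMap, HashSet, VecDeque};

/// A fully qualified function name in the form "crate::function".
type Func = &'static str;

/// Crate name prefix of a fully qualified function name.
fn crate_of(f: &str) -> &str {
    f.split("::").next().unwrap_or(f)
}

/// Constructed call graph (caller -> callees). The crates "app", "http_like" and
/// "serde_like" are hypothetical and do not correspond to real crates.
fn sample_call_graph() -> HashMap<Func, Vec<Func>> {
    let mut g: HashMap<Func, Vec<Func>> = HashMap::new();
    g.insert("app::main", vec!["app::run", "serde_like::to_json"]);
    g.insert("app::run", vec!["http_like::get"]);
    g.insert("http_like::get", vec!["http_like::parse_headers"]);
    g.insert("http_like::parse_headers", vec![]);
    // Chunked decoding exists in the dependency but is never called by the app.
    g.insert("http_like::parse_chunked", vec!["http_like::read_chunk"]);
    g.insert("http_like::read_chunk", vec![]);
    g.insert("serde_like::to_json", vec![]);
    // Hypothetical vulnerable deserialiser that the app never invokes.
    g.insert("serde_like::from_json_untrusted", vec![]);
    g
}

/// All functions reachable from `root` (including `root`), by breadth-first search.
fn reachable(g: &HashMap<Func, Vec<Func>>, root: Func) -> HashSet<Func> {
    let mut seen: HashSet<Func> = HashSet::new();
    let mut queue: VecDeque<Func> = VecDeque::new();
    queue.push_back(root);
    while let Some(f) = queue.pop_front() {
        if !seen.insert(f) {
            continue;
        }
        if let Some(callees) = g.get(f) {
            for &c in callees {
                queue.push_back(c);
            }
        }
    }
    seen
}

/// Package-level matching: flag every crate in the graph that contains a
/// vulnerable function, regardless of whether that function is ever called.
fn flagged_by_package(g: &HashMap<Func, Vec<Func>>, vulnerable: &[Func]) -> Vec<String> {
    let crates: HashSet<&str> = g.keys().map(|f| crate_of(*f)).collect();
    let mut out: Vec<String> = vulnerable
        .iter()
        .map(|v| crate_of(*v).to_string())
        .filter(|c| crates.contains(c.as_str()))
        .collect();
    out.sort();
    out.dedup();
    out
}

/// Call-graph matching: flag only vulnerable functions reachable from `root`.
fn flagged_by_callgraph(g: &HashMap<Func, Vec<Func>>, root: Func, vulnerable: &[Func]) -> Vec<Func> {
    let r = reachable(g, root);
    let mut out: Vec<Func> = vulnerable.iter().copied().filter(|v| r.contains(v)).collect();
    out.sort();
    out
}

/// Constructed advisory list: which functions are known to be vulnerable.
fn sample_vulnerable() -> Vec<Func> {
    vec![
        "http_like::parse_headers",
        "http_like::read_chunk",
        "serde_like::from_json_untrusted",
    ]
}

fn main() {
    let g = sample_call_graph();
    let vulns = sample_vulnerable();
    println!("package-level:    {:?}", flagged_by_package(&g, &vulns));
    println!("call-graph-level: {:?}", flagged_by_callgraph(&g, "app::main", &vulns));
}
```

In the constructed graph the package-level check reports both dependency crates, whereas the call-graph check reports a single reachable function; the two extra package-level hits are exactly the kind of false positive the comment says the call-graph approach eliminates. The precision of the result depends entirely on how complete the extracted call graph is, which is why building it is the hard part.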