|
|
|
|
|
|
by ATsch
1508 days ago
|
|
|
This list is actually quite interesting for a few reasons. One is that a large fraction of these security issues are not real, potentially exploitable vulnerabilities, but merely the fact that it is possible to abuse an API to subvert Rust's safety guarantees. These are things would, by the standards of other programming languages, not be worth even reporting and be considered user error. The other is that a surprisingly large fraction of these are not from regular unsafe Rust code, but from misunderstanding the guarantees a C library makes when creating bindings for it. This is to be expected, as fully understanding those as a library is pretty difficult. A total of one memory safety issue reported for an entire ecosystem this year so far also seems pretty good. All in all, I think these are both pretty promising signs that the safety guarantees Rust provides working as intended. |
|
|