
Software Security in Rust

March 2023 Podcast
Joe Sible, David Svoboda

David Svoboda and Joe Sible talk with Suzanne Miller about the Rust programming language and its security-related features.

Publisher: Software Engineering Institute

Abstract

Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Joe Sible, both engineers in the SEI’s CERT Division, talk with principal researcher Suzanne Miller about the Rust programming language and its security-related features. Svoboda and Sible discuss Rust’s compile-time safety guarantees, the kinds of vulnerabilities that Rust fixes and those that it does not, situations in which users would not want to use Rust, and where interested users can go to get more information about the Rust programming language.

About the Speaker

Joe Sible

Joe Sible is an associate software engineer in the Cybersecurity Foundations Directorate of the CERT Division at the SEI. He specializes in coding and Linux system administration. He has worked with DoD customers to ensure that secure coding rules are being followed and to implement DevSecOps practices. He also maintains the SEI CERT Coding Standards wiki. Sible holds a bachelor of science degree in actuarial science and a master’s degree in internet information systems from Robert Morris University.

David Svoboda

David Svoboda is a software security engineer at the CERT Division of the Software Engineering Institute. He co-authored or contributed to four books, including The SEI CERT C Coding Standard and The CERT Oracle Secure Coding Standard for Java. He also maintains the SEI CERT Coding Standards wiki and has taught Secure Coding in C and C++ all over the world to various groups in the military, government, and banking industries.

Svoboda is also involved in several ISO standards groups, including the JTC1/SC22/WG14 for standardizing C and the JTC1/SC22/WG21 for standardizing C++.