Is There a Heap Buffer Overflow in My Browser?

Allen Wyma talks with Sergey Davidoff, creator of cargo-auditable, a cargo plugin for auditing your Rust dependencies for security vulnerabilities.

Contributing to Rustacean Station

Rustacean Station is a community project; get in touch with us if you’d like to suggest an idea for an episode or offer your services as a host or audio editor!

• Twitter: @rustaceanfm
• Discord: Rustacean Station
• Github: @rustacean-station
• Email: hello@rustacean-station.org

Timestamps

• [@00:10] - Introduction to cargo-auditable
• [@07:51] - Guarantees that cargo-auditable provides
• [@17:33] - Trivy and other crates that are in cargo-auditable
• [@19:47] - cargo-auditable vs cargo audit
• [@21:09] - Sergey’s programming background
• [@34:49] - Vulnerabilities Sergey was able to encounter and reported to RustSec
• [@39:47] - Feedbacks and reactions from library owners that were found to have issues
• [@48:52] - How does Sergey handle problems and issues he encounters?
• [@56:48] - Sergey’s tips and advice to those who want to improve security on their projects
• [@59:36] - Parting thoughts and shoutouts

Credits

Intro Theme: Aerocity

Audio Editing: Plangora

Hosting Infrastructure: Jon Gjengset

Show Notes: Plangora

Hosts: Allen Wyma