Can we make the future of software security safer using Rust?
While writing a paper on the topic, "To what extent can Rust’s memory safety model contribute to improving software security in the long term?", I came across an interesting study by Evans et al., "Is Rust Used Safely by Software Developers?".
In this work, the authors analyzed Rust’s package repository, crates.io, for instances of unsafe Rust and potential undefined behavior.
This sparked my interest in building an autonomous system that checks for potential vulnerabilities in Rust crates, as well as tracking CVEs related to memory safety to better understand the broader problem.
As a result, I am currently developing two applications: MemTrack, for tracking memory-related CVEs, and CrateTrack, which performs automated checks for undefined behavior in crates.io packages using Miri.
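To make concrete what "unsafe Rust and potential undefined behavior" means in a crate, here is an added illustration (my own example, not code from MemTrack, CrateTrack or the Evans et al. study): an unsound raw-pointer read next to its bounds-checked counterpart. The function names and the sample buffer are constructed for the example. A crate test that called the unsound version with an index past the end of the slice is the kind of thing a Miri run (`cargo +nightly miri test`) reports as an out-of-bounds pointer access; the checked version keeps the same `unsafe` block but makes the out-of-bounds path unreachable.

```rust
// Added illustration (not CrateTrack code): the kind of unsafe pattern an
// automated Miri run over a crate's tests would flag, beside a sound wrapper.

/// Unsound: nothing stops a caller from passing an index past the end of
/// `buf`. Reading through the resulting pointer is undefined behaviour, and
/// Miri reports it as out-of-bounds pointer arithmetic when such a call is
/// actually executed under `cargo miri test`.
pub fn peek_unchecked(buf: &[u8], idx: usize) -> u8 {
    // SAFETY: none. The caller's promise that `idx < buf.len()` is not checked.
    unsafe { *buf.as_ptr().add(idx) }
}

/// Sound: the same raw-pointer read, but the bound is checked first, so the
/// unsafe block can never touch memory outside the slice's allocation.
pub fn peek_checked(buf: &[u8], idx: usize) -> Option<u8> {
    if idx < buf.len() {
        // SAFETY: `idx < buf.len()` keeps the pointer inside the slice.
        Some(unsafe { *buf.as_ptr().add(idx) })
    } else {
        None
    }
}

/// Counts how many of the requested lookups would have gone out of bounds.
/// Tests that exercise such edge indices are what give Miri's dynamic check
/// something to detect; code paths no test reaches are never analysed.
pub fn out_of_bounds_count(buf: &[u8], indices: &[usize]) -> usize {
    indices.iter().filter(|&&i| peek_checked(buf, i).is_none()).count()
}

fn main() {
    let buf = [0x41u8, 0x42, 0x43]; // constructed sample data
    println!("{:?}", peek_checked(&buf, 1)); // Some(66)
    println!("{:?}", peek_checked(&buf, 7)); // None
    println!("{}", peek_unchecked(&buf, 2)); // in bounds, so well-defined: 67
    // `peek_unchecked(&buf, 7)` is deliberately not called: that read is
    // undefined behaviour, and under Miri it would abort the run with a report.
    println!("{}", out_of_bounds_count(&buf, &[0, 3, 5])); // 2
}
```

The point for an automated checker is the last comment: Miri only observes executions, so the crate's own test suite decides which unsafe paths get checked at all. Running `cargo +nightly miri test` on a crate with a test that passes an out-of-bounds index to `peek_unchecked` turns the latent bug into a concrete report, whereas the same call in a path no test exercises stays invisible.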

Be aware that these projects are currently a work in progress, but you can still check them out.