The life of a Rust security vulnerability - Pietro Albini
Pietro Albini
Rust Infrastructure Team Lead - Rust and LLVM Security Response - Building Compilers at Ferrous Systems

The Rust Security Response WG is responsible for receiving reports about Rust vulnerabilities, disclosing them to the public, and assisting the Rust project teams in developing fixes. The WG is crucial for the security of the Rust ecosystem, but most of its work has to be kept private to prevent vulnerabilities from leaking. In this talk, a member of the WG explains how it operates and handles vulnerabilities. During the talk we’ll walk through CVE-2022-21658 (race condition in std::fs::remove_dir_all), from the moment we received the report to the public disclosure.
October 13, 2022