Garret Wassermann

Garret Wassermann

he/him

Security Engineer @ GitLab

Rust Ecosystem Security

less than 1 minute read

Published:

Below is a round up of some of my work at the Software Engineering Institute investigating secure coding in Rust and the security of the Rust ecosystem in terms of vulnerability analysis and reverse engineering work.

SEI Blog Post: Rust Vulnerability Analysis and Maturity Challenges

SEI Podcast: Understanding Vulnerability Analysis in the Rust Programming Language

I co-authored the above article and podcast with David Svoboda. Joe Sible provided some review and feedback.

Presentation: Will Rust Solve Software Security? Summary: In this presentation, the authors evaluate the Rust programming language from a cybersecurity perspective.

This presentation was co-authored with David Svoboda and Joe Sible, who also delivered the talk on my behalf.

(Note: Updated 2023-06-13 to include latest publications on this topic that took a bit of time to get published on the SEI website.)

You May Also Enjoy

New Personal PGP Key

Published:

1 minute read

Around when I started at the CERT Coordination Center in 2014, I created a personal PGP key for secure email communications to handle vulnerability reports. With that key going on a decade old, it seemed appropriate to retire it and create a newer key. Especially since newer crypto algorithms like ECC are becoming more popular, with the older RSA (possibly?) beginning to phase out. Trail of Bits for example has a blog post arguing to stop using RSA and instead adopt ECC, in particular Ed25519, for signing keys. Read more

Malware Analysis Tools for Ghidra

Published:

1 minute read

Below is a round up of some of my work at the Software Engineering Institute with Ghidra and developing automated tools for reverse engineering and static code analysis, particularly with an eye toward malware analysis. Read more

Lost Knowledge As Libraries Go Online

Published:

4 minute read

My local library recently ended a pretty big sale; most of its books were sold for about $0.25 each. Many of the books were technical (though introductory level): programming, mathematics, sciences. But there was also a good amount of history and fiction available. I love books and snatched up a bunch, but I did so with a heavy heart at seeing so much knowledge being given up by a place of a learning – particularly when many of the shelves that used to hold books now hold DVDs. Read more

Coordinated Vulnerability Disclosure

Published:

1 minute read

Below is a round up of a series of blog posts I authored for the Software Engineering Institute blog describing the coordinated vulnerability disclosure (CVD) process and challenges in coordinating vulnerability responses with vendors. Read more