NSA Backs Memory-Safe Programming
Today’s issue: Learn Rust the Hard Way, Rust Security Handbook, and Why Is the Rust Compiler Slow?
Happy end of June, Rustaceans.
As we usher in a new month, we wish you a productive and joyful July.
In this issue, we’ll discuss NSA/CISA’s recent report, present you a Rust challenge, spotlight an amazing Rust project, and share ten(10) incredible links of the week.
Here’s issue 73 for you!
THE MAIN NEWS
NSA Backs Memory-Safe Programming
Last week was packed with exciting releases. Warp released its Agentic Development Environment, Zed kept the momentum going with version 0.193.0, introducing Helix's keymap, and amidst it all, NSA and CISA collaborated on a report titled “Reducing Vulnerabilities in Modern Software Development” and Rust is stealing the show yet again!
This report comes 16 months after the White House's “A Path Toward Secure and Measurable Software”, urging the move to memory safe languages.
This report isn’t just another government memo - it’s kinda a love letter to memory-safe languages, giving Rust the spotlight it deserves for making software less prone to catastrophic bugs.
The report highlighted that memory safety vulnerabilities, like buffer overflows and dangling pointers, are a massive headache, accounting for 75% of CVEs in real-world exploits.
Rust’s ownership model steps in like a superhero, catching these issues at compile time. As the report eloquently puts it, “Memory-safe languages offer built-in safeguards that shift safety burdens from developers to the language and the development environment.” Translation: Rust does the heavy lifting, so you can focus on crafting awesome code without sweating the small, crash-inducing stuff.
Why This Matters
Memory safety isn’t just a buzzword - it’s a critical issue. The report cites chilling stats: 66% of iOS 12 CVEs and 71% of Mojave CVEs in 2019 were memory-related.
Remember Heartbleed and BadAlloc vulnerabilities that wreaked havoc from hospital data breaches to compromised industrial systems? Well Rust would have prevented that.
The report also praises Rust’s role in Android, where prioritizing Rust for new code led to a dramatic drop in vulnerabilities without rewriting the entire codebase.
But it’s not all smooth sailing. Adopting Rust can be tricky, especially for legacy systems or teams used to C’s wild west. The learning curve is steep - Rust’s borrow checker doesn’t mess around - but the report argues the benefits outweigh the challenges.
So, there you have it, Rustaceans. The future is bright, and it’s memory-safe!
RUST CHALLENGE 🦀
Last week, we challenged you to solve the number spiral problem.
Thanks to Amaso who shared their solution to the challenge. Great work!
Let’s move on to this week’s challenge.
Word Frequency Counter
Write a word_frequency function that reads a string of text and counts the frequency of each word, ignoring case and punctuation.
Return the results as a sorted list of word-frequency pairs, where words are in lowercase and sorted alphabetically.
You can start writing and testing your solution on Rust Playground. Once completed, please share your solution and tag us either on X, BlueSky, Mastodon, or reply to this email.
PROJECT SPOTLIGHT 💡
CocoIndex
CocoIndex is a high-performance framework built to streamline data prep for AI, from embeddings to knowledge graphs.
CocoIndex tackles the pain of preparing fresh, AI-ready data while keeping pipelines efficient.
It eliminates the hassle of manual change tracking, recomputing entire datasets, and wrestling with outdated SQL-based workflows, letting you focus on transformations, not infrastructure.
Here’s what makes CocoIndex cool:
Dataflow Programming - Define transformations like spreadsheet formulas, no hidden states, no mutations, just pure, observable data lineage. Think map meets Rust’s ownership rules.
Incremental Processing - Only update what’s changed with built-in change data capture, keeping your AI agents fed with fresh data faster than a cargo run.
Flexible Exports - Send your transformed data to vector DBs, graph DBs, or Postgres with ease, perfect for semantic search or recommendation systems.
Source Simplicity - You can connect to local files, S3, or Google Drive, and let CocoIndex handle source updates while you sip your coffee.
Check out CocoIndex on GitHub, and share your wildest dataflow ideas.
AWESOME LINKS OF THE WEEK 🔗
Rust 1.88.0 is out. Featuring let chains (which we wrote about in issue 64) for cleaner conditionals, naked functions for low-level control, boolean cfg literals, and Cargo's new auto-cache cleaning. Also the Rust Project Goals program for 2025H2 is open for submissions until July 18, 2025.
The trio of Jia Long Loh, Pu Li, Muqi Li, and Md Riyadh from Grab authored an article detailing their experience rewriting the Counter service from Go to Rust and their valuable lessons learned along the way.
Drew from Filtra interviewed Jon Gjengset (author of Rust for Rustaceans), about Helsing's use of Rust to optimize military hardware for European democracies, tackle real-time battlefield challenges, and address ethical considerations in defense technology development.
José Díaz shared why he Switched from Flutter + Rust to Rust + egui.
Yevh’s “The Complete Rust Security Handbook”, is a comprehensive guide on Rust's type system, error handling, safe arithmetic, cryptography, and other best practices to build secure, reliable systems, particularly for financial and Web3 applications.
Christian Legnitto discussed how he used AI to port Vulkan shaders to Rust using Rust GPU, achieving a 30x speedup compared to manual porting, demonstrating Rust GPU's production readiness and its ability to integrate with Vulkan workflows.
Andrew Burkhart (Senior Rust Engineer at 1Password), joined the Corrode podcast to explain how they use Rust to enable secure, reliable systems for managing secrets, integrating with diverse platforms, and delivering a seamless user experience for millions. [audio]
"Why is the Rust compiler slow?" by Sharnoff analyzes the Rust compiler's slow build times in a Docker environment, identifying Link Time Optimization, module code generation, and demonstrates significant time reductions through optimizations like disabling LTO, adjusting inlining, and switching to a Debian base image.
Rupesh Prajapati is back again with another tutorial on safely parsing network packets using eBPF and Rust, focusing on extracting protocol fields from Ethernet, IPv4, and TCP/UDP headers with memory safety and XDP for high-performance processing, enabling the development of network tools like firewalls and traffic monitors.
Mike Hanley wrote the development of the Disney+ Application Development Kit (ADK), enabling partners to deploy Disney+ on diverse devices using a C’99-based runtime (NCPv2) and a Rust client compiled to WebAssembly.
CodeCrafters: Become a Better Rust Engineer
CodeCrafters created amazing Rust courses that push your skills beyond the basics.
You’ll have fun building real-world projects from scratch, including Git, Docker, Redis, Kafka, SQLite, Grep, BitTorrent, HTTP Server, an Interpreter, and DNS.
The courses are self-paced, so you can learn at your own speed.
If you’re itching to level up your Rust skills, these courses are perfect for you.
Here’s what makes CodeCrafters stand out:
You learn by building projects that challenge you beyond just implementing CRUD features.
Strengthen your fundamentals by working on awesome low-level projects.
You’ll get really good at reading and writing idiomatic Rust code.
Plus, you take part in monthly contests for a chance to win exciting prizes.
You can get your CodeCrafters fees fully reimbursed through your corporate Learning & Development (L&D) budget.
Check with your employer about using your L&D budget for CodeCrafters to save money and make this a no-brainer opportunity to level up your skills.
Join for free and get 40% off when you upgrade. [affiliate]
SUPPORT RUST BYTES
You’re Rust Bytes’ biggest fans, and we love to see it.
Here’s how you can help spread the word:
❤️ Recommend Rust Bytes to your friends.
🤳 Connect with us on our socials: X, BlueSky, Mastodon, Publication.
☕️ Support our editors by buying us coffee.
📨 Email us at rustaceanseditors@gmail.com for sponsorship, feedback or ideas.
My phone got stolen last week and planning on getting a new one soon. Wish you a great week ahead!
That's all for now, Rustaceans.
John & Elley.