Sat 3 May 2025 14:40 - 15:00 at 204 - Paper Session 2 Chair(s): Ziyang Ye

Since its inception in 1972, the C programming language has employed a design philosophy that gives developers free rein and fine-grained control. Unfortunately, despite multiple generations of new engineers, C projects still suffer from chronic human errors that lead to vulnerabilities. Newer languages like Rust have taken a different approach with the stated goal of mitigating these errors via enforcing types and borrow checking at compile-time. These guarantees are promising, and indeed much work is being committed to “translating” C to Rust. But how much of an impact would Rust have had? The goal of this work is to inform the discussion around secure programming language designs by historically analyzing vulnerabilities in C with respect to Rust. We made a comprehensive mapping of the entire Common Weakness Enumeration vulnerability taxonomy to what Rust would be able to mitigate. We identified 68 prominent open source projects with C code, collected their vulnerability history data, and used their CWE designations to explore a best-case speculation on how many vulnerabilities might have been prevented with Rust. We estimate that 58.2% of historical vulnerabilities in our selection of open source C projects would have been virtually impossible in Rust. Depending on one’s expectations, this number might be surprisingly high or surprisingly low, so we hope this study will help ground the discussion about the decision for C projects to “oxidize.”

Sat 3 May

Displayed time zone: Eastern Time (US & Canada)

14:00 - 15:30, Paper Session 2 (SVM) at 204
Chair(s): Ziyang Ye (The University of Adelaide)

14:00 (20m) Talk: An Exploratory Study of Security Vulnerabilities in Machine Learning Deployment Projects (SVM)
Akond Rahman (Auburn University, USA), Anthony Skjellum (Tennessee Tech University), Yue Zhang (Auburn University)

14:20 (20m) Talk: Edge-Based Detection of Label Flipping Attacks in Federated Learning Using Explainable AI (SVM)
Nourah Alotaibi (KFUPM), Muhamad Felemban (KFUPM), Sajjad Mahmood (King Fahd University of Petroleum & Minerals)

14:40 (20m) Talk: "Just Use Rust": A Best-Case Historical Study of Open Source Vulnerabilities in C (SVM)
Andy Meneely, Aiden Green, Tyler Jaafari, Matthew Fluet, Brandon Keller (all Rochester Institute of Technology)

15:00 (20m) Talk: Understanding the Changing Landscape of Automotive Software Vulnerabilities: Insights from a Seven-Year Analysis (SVM)
Srijita Basu, Miroslaw Staron (both Chalmers University of Technology and University of Gothenburg)

15:20 (10m) Day closing: Workshop Closing (SVM)
