Quantifying how safe typical Rust code is, by looking at fuzzing metrics:
Related Posts
The effectiveness of fuzzing, the limitations of current research, your best options today, and a worked example:
When Nvidia discusses choosing Ada for security-critical software, they mention the cost of fuzzing (slide 17). It's an interesting argument: if the language gives you more assurances, you don't need so much compute to fuzz test!
https://www.slideshare.net/AdaCore/securing-the-future-of-safety-and-security-of-embedded-software
Rewriting, debugging, and fuzzing a new manual format in OpenBSD: https://www.openbsd.org/papers/bsdcan15-mandoc.pdf
I particularly enjoyed the root cause analysis of the fuzzing bugs found.
