TrustInSoft and Ferrous Systems partner on Rust code analysis
TrustInSoft has formed a strategic partnership with Ferrous Systems to integrate support for Rust code analysis using Ferrocene, the qualified Rust compiler toolchain from Ferrous Systems.
The partnership brings together TrustInSoft’s expertise in mathematical software verification and Ferrous Systems’ deep knowledge of Rust to help organisations enhance the security and reliability of their software.
In January 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released revised guidance urging software vendors to eliminate memory safety risks by 2026. Memory safety vulnerabilities remain a significant cybersecurity challenge, particularly in critical industries, including automotive, aerospace, telecommunications, IoT, and medical.
TrustInSoft and Ferrous Systems are members of the Rust Foundation’s Safety-Critical Rust Consortium, supporting the responsible use of Rust programming language in safety-critical software and a shared vision to provide developers with the tools they need to build inherently secure software. While Rust’s ownership model and borrow checker enables memory safety, many organisations continue to rely on C and C++ due to a historic lack of safer alternatives with comparable performance—until now. This partnership is designed to help companies transition to more secure software development practices.
“Security and reliability are fundamental in software development, but achieving them requires more than just choosing a memory-safe language,” said Benjamin Monate, CTO of TrustInSoft. “By working with Ferrous Systems and actively contributing to the Ferrocene language specification, TrustInSoft aims to provide organizations with the best of both worlds—proven formal verification methods and the benefits of Rust’s safety guarantees—to help them eliminate vulnerabilities at the root.”
The challenge of hybrid codebases
A growing number of applications are now blending Rust and C/C++, leveraging Rust’s memory safety features while maintaining compatibility with existing software infrastructure. Many organizations are also migrating specific modules to Rust while maintaining legacy C/C++ codebases due to the vast ecosystem of libraries and the high cost of full language transitions.
However, this hybrid approach introduces new security challenges, particularly at the boundary between Rust and C/C++ code. Without rigorous analysis and verification, memory safety risks can persist, undermining the benefits of Rust’s security model.
Combining exhaustive static analysis from TrustInSoft with Rust tooling from Ferrous Systems leadership ensures safe interoperability between Rust and C/C++. The partnership eliminates memory safety vulnerabilities through rigorous verification and analysis, ensures safe interoperability between Rust and C/C++ to mitigate risks at integration points, and
supports compliance with emerging cybersecurity standards and best practices.
“Rust’s safety features make it an ideal choice for modern, secure software development, but ensuring safe adoption in real-world applications requires a deep understanding of both new and existing codebases,” said Florian Gilcher, Managing Director and Co-Founder of Ferrous Systems. “By partnering with TrustInSoft, we are enabling organizations to take a more structured, verified approach to deploying Rust alongside legacy code in safety-critical environments.”
As part of this partnership, TrustInSoft and Ferrous Systems are working on new initiatives to provide organisations with enhanced memory safety.
www.ferrous-systems.com
www.trust-in-soft.com
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
