TrustInSoft and Ferrous Systems partner on Rust code analysis

TrustInSoft and Ferrous Systems have joined forces in a strategic partnership to integrate support for Rust code analysis using Ferrocene, the qualified Rust compiler toolchain from Ferrous Systems. This collaboration combines TrustInSoft’s expertise in mathematical software verification with Ferrous Systems’ deep knowledge of Rust, aiming to help organizations enhance the security and reliability of their software.

In response to the Cybersecurity and Infrastructure Security Agency's (CISA) revised guidance in January 2025, urging software vendors to eliminate memory safety risks by 2026, the partnership addresses the pressing issue of memory safety vulnerabilities in critical industries such as automotive, aerospace, telecommunications, IoT, and medical sectors.

Both TrustInSoft and Ferrous Systems are active members of the Rust Foundation’s Safety-Critical Rust Consortium, advocating for the responsible use of Rust programming language in safety-critical software. With Rust's ownership model and borrow checker providing memory safety, the partnership aims to assist companies in transitioning to more secure software development practices, reducing reliance on traditional languages like C and C++.

Benjamin Monate, CTO of TrustInSoft, emphasized the importance of security and reliability in software development, stating, “By collaborating with Ferrous Systems and contributing to the Ferrocene language specification, TrustInSoft seeks to offer organizations the best of both worlds—formal verification methods and Rust’s safety guarantees—to help eliminate vulnerabilities at the root.”

One of the challenges faced by organizations is managing hybrid codebases that blend Rust and C/C++. While leveraging Rust's memory safety features, many companies are still maintaining legacy C/C++ code due to ecosystem compatibility and transition costs. This hybrid approach introduces security risks, especially at the interface between Rust and C/C++ code, highlighting the need for thorough analysis and verification.

Through the partnership, TrustInSoft's static analysis and Ferrous Systems' Rust tooling provide a comprehensive solution for safe interoperability between Rust and C/C++. By conducting rigorous verification and analysis, the collaboration ensures the elimination of memory safety vulnerabilities, supports safe integration between Rust and C/C++, and aids compliance with evolving cybersecurity standards.

Florian Gilcher, Managing Director and Co-Founder of Ferrous Systems, noted, “Rust’s safety features make it an ideal choice for modern, secure software development. Partnering with TrustInSoft enables organizations to adopt Rust alongside legacy code in safety-critical environments with a structured, verified approach.”

As part of their joint efforts, TrustInSoft and Ferrous Systems are developing new initiatives to provide organizations with enhanced memory safety measures, further solidifying their commitment to advancing secure software development practices.