TrustInSoft and Ferrous Systems Partner on Rust Security

February 27, 2025

Story

Memory safety vulnerabilities are a significant security risk for any enterprise, but especially in automotive, aerospace, telecommunications, IoT, and medical. Because of this ongoing challenge, the Cybersecurity and Infrastructure Security Agency (CISA) released revised guidance in January 2025 urging software vendors to eliminate memory safety risks by 2026​.

In a recent news release, TrustInSoft, a provider of software analysis tools and formal verification for software security, and Ferrous Systems, a Rust solutions provider for safety-critical systems, have announced a new strategic partnership to help companies manage memory security.

According to the announcement, they will work together to integrate support for Rust code analysis using Ferrocene, Ferrous Systems’ qualified Rust compiler toolchain. This collaboration is designed to bring together TrustInSoft’s mathematical software verification and Ferrous Systems’ Rust expertise with the goal of helping companies improve the security and reliability of embedded software.

Ferrocene also recently made news with its IEC 62304 Class C qualification for medical device software, which allows the company to help medical device developers streamline compliance efforts while ensuring high safety and reliability standards.

"Rust’s safety features make it an ideal choice for modern, secure software development, but ensuring safe adoption in real-world applications requires a deep understanding of both new and existing codebases," said Florian Gilcher, Managing Director and Co-Founder of Ferrous Systems. "By partnering with TrustInSoft, we are enabling organizations to take a more structured, verified approach to deploying Rust alongside legacy code in safety-critical environments."

Memory Safety 

TrustInSoft and Ferrous Systems are both members of the Rust Foundation’s Safety-Critical Rust Consortium, which advances the responsible use of Rust programming language in safety-critical software.

While Rust’s ownership model and borrow checker provide a solution for memory safety, many organizations continue to rely on C and C++ due to a historic lack of safer alternatives with comparable performance. This new partnership reportedly is designed to help companies transition to more secure software development practices, whether they are modernizing existing codebases or developing new applications.

A growing number of applications are now blending Rust and C/C++, leveraging Rust’s memory safety features while maintaining compatibility with existing software infrastructure. This hybrid approach can introduce security challenges at the boundary between Rust and C/C++ code.

By combining TrustInSoft’s static analysis with Ferrous Systems’ Rust tooling, the partners said that customers will get safe interoperability between Rust and C/C++ by:

• eliminating memory safety vulnerabilities through rigorous verification and analysis
• ensuring safe interoperability between Rust and C/C++
• mitigating risks at integration points
• supporting compliance with emerging cybersecurity standards and best practices

"Security and reliability are fundamental in software development but achieving them requires more than just choosing a memory-safe language," said Benjamin Monate, CTO of TrustInSoft. "By working with Ferrous Systems and actively contributing to the Ferrocene language specification, TrustInSoft aims to provide organizations with the best of both worlds—proven formal verification methods and the benefits of Rust’s safety guarantees—to help them eliminate vulnerabilities at the root."