blog-2026-04-29-bugs-rust-wont-catch

> *Bugs Rust Won't Catch*
> In April 2026, Canonical disclosed 44 CVEs in uutils, the Rust reimplementation of GNU coreutils that ships by default since 25.10. Most of them came out of an external audit commissioned ahead of the 26.04 LTS.
> I read through the list and thought there’s a lot to learn from it.
> What’s notable is that all of these bugs landed in a production Rust codebase, written by people who knew what they were doing, and none of them were caught by the borrow checker, clippy lints, or cargo audit.

 \- https://corrode.dev/blog/bugs-rust-wont-catch/

interesting!