Send in your ideas for NGI Taler/Fediversity. Deadline August 1, 2026
Grant
Theme fund: NGI0 Commons Fund
Start: 2026-06
More projects like this
Measurement

Dep-scan memory-safety risk analysis

Static analysis to identify memory-safety issues

Memory-safety and memory-safe languages are gaining momentum. Thanks to modern compilers and build toolchains, these languages enable automated safety checks with a combination of static analysis, fuzzing, and tracing libraries. The goal of this project is to enhance dep-scan and its dependent libraries (atom, blint, and chen) to identify components with memory-safety risks through static analysis (of source and binary). With this approach, the SBoM and VDR generated will automatically include details and evidence about components with memory-safety risks - leading to more proactive and focused risk management. For instance, not every module offered by a legacy library could have memory-management related weaknesses. And using a vulnerable library doesn't mean an application is actually using that library in an unsafe manner.

Run by AppThreat

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero Commons Fund: letterlogo shaped like a tag

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).