Workflow overview
Reference · liveworkflow:systems-memory-safety-audit
Systems Memory Safety Audit overview
Audits systems-level codebases for memory safety vulnerabilities: running separate AddressSanitizer and MemorySanitizer builds across the full test suite (the two sanitizers cannot be combined in one binary, and MemorySanitizer reports false positives unless every linked dependency is instrumented as well), executing coverage-guided fuzzing campaigns targeting parser and protocol handling code paths, measuring unsafe block density and the quality of `// SAFETY:` justifications in Rust codebases, reviewing C/C++ code for buffer overflows, double-frees, and integer overflow patterns using Coverity and CodeQL, triaging findings by exploitability and blast radius, and tracking remediation progress against severity-based SLA deadlines. Produces vulnerability findings with CVSS scoring, sanitizer run summaries, and remediation burndown charts. Excludes application-layer security scanning.
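The Rust part of the audit, measuring unsafe density and checking that each `unsafe` site carries a justification, is shown below as an added example; it is not code from this workflow or from any project it audits. It is a heuristic line scanner, not a Rust parser: it strips `//` comments, matches braces without regard to string or char literals, and double-counts lines of nested unsafe blocks. It assumes the `// SAFETY:` comment convention (the one used by the Rust standard library and enforced by clippy's `undocumented_unsafe_blocks` lint). The `SAMPLE_RS` input is constructed for the example; its `copy_into` deliberately omits a `dst.len()` check, the kind of unjustified unsafe block the audit is meant to surface.

```python
"""Added example: unsafe density and justification quality for Rust source.

Heuristic scanner, not a parser. Assumes the `// SAFETY:` comment convention.
SAMPLE_RS is constructed input, not code from any real project.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

UNSAFE_RE = re.compile(r"\bunsafe\b")                 # keyword, not `is_unsafe` etc.
SAFETY_RE = re.compile(r"^\s*//\s*SAFETY:\s*(.*)$")   # std / clippy justification convention


@dataclass
class UnsafeSite:
    line: int                     # 1-based line of the `unsafe` keyword
    kind: str                     # block | fn | impl | trait
    lines: int                    # lines spanned by the body (1 if the `{` is not on this line)
    justification: Optional[str]  # text of the adjacent `// SAFETY:` comment, or None


@dataclass
class Report:
    code_lines: int               # non-blank, non-comment-only lines
    unsafe_lines: int             # lines covered by unsafe bodies (nested blocks double-count)
    sites: list[UnsafeSite] = field(default_factory=list)

    @property
    def unjustified(self) -> list[UnsafeSite]:
        return [s for s in self.sites if s.justification is None]

    @property
    def unsafe_line_density(self) -> float:
        return self.unsafe_lines / self.code_lines if self.code_lines else 0.0


def _code_part(line: str) -> str:
    """Drop a trailing `//` line comment (naive: also cuts `//` inside strings)."""
    return line.split("//", 1)[0]


def _block_end(lines: list[str], start: int, col: int) -> int:
    """Index of the line that closes the brace opening at lines[start][col]."""
    depth = 0
    for i in range(start, len(lines)):
        seg = _code_part(lines[i])[(col if i == start else 0):]
        for ch in seg:
            if ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
                if depth == 0:
                    return i
    return len(lines) - 1  # unbalanced input: treat the rest of the file as unsafe


def _justification(lines: list[str], i: int) -> Optional[str]:
    """`// SAFETY:` either trailing on the same line or in the comment run just above."""
    trailing = lines[i][len(_code_part(lines[i])):]
    m = SAFETY_RE.match(trailing)
    if m:
        return m.group(1).strip()
    j = i - 1
    while j >= 0 and lines[j].strip().startswith("//"):
        m = SAFETY_RE.match(lines[j])
        if m:
            return m.group(1).strip()
        j -= 1
    return None


def summarize(src: str) -> Report:
    lines = src.splitlines()
    code_lines = sum(1 for l in lines if _code_part(l).strip())
    sites: list[UnsafeSite] = []
    for i, raw in enumerate(lines):
        code = _code_part(raw)
        for m in UNSAFE_RE.finditer(code):
            rest = code[m.end():].lstrip()
            if rest.startswith("{"):
                kind = "block"
            elif rest.startswith(("fn", "extern")):
                kind = "fn"
            elif rest.startswith("impl"):
                kind = "impl"
            elif rest.startswith("trait"):
                kind = "trait"
            else:
                continue  # `unsafe` inside a string literal or other non-keyword use
            brace = code.find("{", m.end())
            span = _block_end(lines, i, brace) - i + 1 if brace != -1 else 1
            sites.append(UnsafeSite(i + 1, kind, span, _justification(lines, i)))
    return Report(code_lines, sum(s.lines for s in sites), sites)


# Constructed sample input (hypothetical crate, not real project code).
SAMPLE_RS = """use std::ptr;

pub fn read_first(buf: &[u8]) -> u8 {
    // SAFETY: caller guarantees buf is non-empty; checked at the API boundary.
    unsafe { *buf.as_ptr() }
}

pub fn copy_into(dst: &mut [u8], src: &[u8]) {
    unsafe {
        ptr::copy_nonoverlapping(src.as_ptr(), dst.as_mut_ptr(), src.len()); // overflows dst if dst.len() < src.len()
    }
}

pub unsafe fn raw_add(p: *const u32, n: usize) -> u32 { *p.add(n) } // SAFETY: p must point to n+1 valid u32s

// not a justification, just a note
unsafe impl Send for Handle {}
"""

if __name__ == "__main__":
    r = summarize(SAMPLE_RS)
    print(f"code lines: {r.code_lines}, unsafe sites: {len(r.sites)}, "
          f"unsafe line density: {r.unsafe_line_density:.1%}")
    for s in r.unjustified:
        print(f"line {s.line}: unjustified `unsafe {s.kind}` spanning {s.lines} line(s)")
```

Run over a crate, the two numbers to trend quarter over quarter are `unsafe_line_density` and the count of `unjustified` sites; the audit report should list each unjustified site by file and line, since a missing justification is the cheapest signal that nobody has stated the invariant the block relies on.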
Attributes
displayName
Systems Memory Safety Audit
workflowKind
governance
triggerType
scheduled
typicalCadence
quarterly
complexity
cross-team
description
Audits systems-level codebases for memory safety vulnerabilities: running
separate AddressSanitizer and MemorySanitizer builds across the full test
suite (the two sanitizers cannot be combined in one binary, and
MemorySanitizer reports false positives unless every linked dependency is
instrumented as well), executing coverage-guided fuzzing campaigns targeting
parser and protocol handling code paths, measuring unsafe block density and
the quality of `// SAFETY:` justifications in Rust codebases, reviewing C/C++
code for buffer overflows, double-frees, and integer overflow patterns using
Coverity and CodeQL, triaging findings by exploitability and blast radius,
and tracking remediation progress against severity-based SLA deadlines.
Produces vulnerability findings with CVSS scoring, sanitizer run summaries,
and remediation burndown charts. Excludes application-layer security
scanning.
Outgoing edges
applies_to_domain (2)
- domain:systems-programming · Domain · Systems Programming
- domain:cybersecurity · Domain · Cybersecurity
involves_role (3)
- role:security-reviewer · Role · Security Reviewer
- role:refactor-bot · Role · Refactor Bot
- role:principal-engineer · Role · Principal Engineer
performed_by_org_unit (2)
- org-unit:application-security-team · OrgUnit · Application Security Team
- org-unit:engineering · OrgUnit · Engineering
requires_skill_area (2)
- skill-area:profiling-memory · SkillArea · Memory Profiling
- skill-area:sast · SkillArea · Static Application Security Testing (SAST)
triggers_responsibility (2)
- responsibility:security-review · Responsibility · Security review
- responsibility:run-security-scans · Responsibility · Run security scans
Incoming edges
None.