How RunSafe Migrated a 30,000-Line C++ Codebase to Rust

Memory-safe languages like Rust are often recommended for new development — but rewriting large, security-critical C++ systems is rarely straightforward.

In this S4x25 session, Mitch Souders, Senior Software Engineer at RunSafe Security, shares how his team converted a 30,000-line C++ codebase to Rust to address memory-safety risks while preserving performance and behavior. Driven by the prevalence of memory-safety vulnerabilities and RunSafe’s secure-by-design principles, the project focused on eliminating entire classes of bugs rather than fixing them piecemeal.

Mitch walks through the technical realities of the migration, including operating without the Rust standard library, avoiding libc dependencies, handling global mutable state, and isolating unsafe Rust behind safe abstractions. He also covers the team’s testing and verification strategy, using comparative testing to ensure the Rust implementation matched the original C++ behavior byte for byte.

The result was a successful conversion with performance on par with C++, reduced binary size, and only about 1.5% of the codebase requiring unsafe Rust — along with the discovery of several latent bugs in the original C++ implementation.

This talk offers practical guidance for engineers responsible for legacy C++ codebases, security software, and ICS/OT environments who are evaluating Rust as a path to stronger memory safety.