In a recent blog post, Pete LeVasseur explains that Rust’s strong, compiler-enforced safety guarantees and its growing use in real-world automotive, aerospace, and medical systems make it a promising language for safety-critical software, but that shipping it widely at high integrity levels still depends on a maturing ecosystem: stable toolchains, dependency management, and development practices that produce the evidence certification requires:
“When we set out on the Vision Doc work, one area we wanted to explore in depth was safety-critical systems: software where malfunction can result in injury, loss of life, or environmental harm. Think vehicles, airplanes, medical devices, industrial automation. We spoke with engineers at OEMs, integrators, and suppliers across automotive (mostly), industrial, aerospace, and medical contexts.
What we found surprised us a bit. The conversations kept circling back to a single tension: Rust’s compiler-enforced guarantees support much of what Functional Safety Engineers and Software Engineers in these spaces spend their time preventing, but once you move beyond prototyping into the higher-criticality parts of a system, the ecosystem support thins out fast. There is no MATLAB/Simulink Rust code generation. There is no OSEK or AUTOSAR Classic-compatible RTOS written in Rust or with first-class Rust support. The tooling for qualification and certification is still maturing.”
Read the entire post on the Rust blog.