Secret Zeroization Audit
Detect sensitive data left in memory and zeroization stripped by compiler optimizations. Uses assembly-level and control-flow analysis to verify keys, passwords, and secrets are actually wiped in C, C++, and Rust.
Calling memset to wipe a key isn't enough — compilers optimize it away. This skill audits code that handles secrets for missing zeroization and, crucially, checks the generated assembly and control flow to confirm the wipe survives optimization in C, C++, and Rust.
When to use
Use when auditing C/C++/Rust code that handles secrets, keys, passwords, or other sensitive data, to confirm that zeroization is present and not removed by the compiler.
Examples
Audit secret wiping
Check that keys are zeroized
Audit this Rust crypto code to confirm all key material is zeroized and not optimized away
Verify at assembly level
Confirm the wipe survives -O2
Check whether this memset-based secret wipe in C survives compiler optimization