TrustDNS is one in that space. We won't know for a while what actual, security record is. We do have some evidence from fuzzing where it led to panics vs worse effects in C. I think an objective test would compare effects of fuzzing Rust and C libraries to see how often Rust just panicked. The study should use different types of libraries that use the language in different ways. If Rust's claims are true, most problems will involve 3rd-party libraries that aren't Rust, unsafe Rust, and/or compiler errors that break safety. People doing the study could just grab popular C apps vs similar stuff in Rust on Github that's actually maintained. Also, look at amateurish and unmaintained stuff to see if those still have minimal vulnerabilities.

That's how I'd do it anyway.