From the new article Wired Rust calls “a “viral” secure programming language that is taking over technology.”
“Rust makes some of the most common security vulnerabilities impossible to introduce. And its adoption can’t happen soon enough…”
[A] A growing movement to write software in a language called Rust is gaining momentum because the code is significantly foolproof. By design, developers can’t accidentally create the most common types of exploitable security vulnerabilities while coding in Rust, a difference that can make a huge difference in the daily patch parade and ultimately the world’s mainstream cybersecurity….
[B]because Rust produces safer code [than C] and most importantly, it does not degrade performance to do so, the language is steadily gaining supporters and is now at a turning point. Microsoft, Google, and Amazon Web Services have been using Rust since 2019, and the three companies formed a non-profit organization. The Rust Foundation with Mozilla and Huawei in 2020 to maintain and develop the language. And after several years of intensive work, the Linux kernel took his first steps Last month to implement Rust support. “It’s going viral as a language,” says Dave Kleidermacher, vice president of engineering for Android security and privacy. “We invested in Rust at Android and at Google, and a lot of engineers were saying, ‘How do I start doing this?’ It’s great”…”
By writing new software in Rust, even amateur programmers can make sure they don’t introduce any memory safety bugs into their code…. These types of vulnerabilities aren’t just esoteric software bugs. Research and auditing have repeatedly found that they account for the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws when programming in Rust, the ability to patch memory security vulnerabilities is significant….
“Yes, it’s a lot of work, it’s going to be a lot of work, but how many trillions of dollars does the tech industry have, plus how many talented programmers? We have the resources,” says Josh Aas, CEO of Internet Security, a research group that runs Prossimo, as well as the storage security initiative. free certificate authority Let’s Encrypt. “The problems with just too much work are huge.”
Here’s how Dan Lorenz, CEO of software chain security company Chainguard, explains it Wired. “Over the decades that people have been coding in memory-dangerous languages, we’ve tried to improve and build better tools and teach people not to make these mistakes, but there are just limits to telling people to try harder. It actually works.
“So you need a new technology that makes a whole class of vulnerabilities impossible, and that’s what Rust finally brings to the table.”