2 min read

Here’s another reason why Rust is the present and the future in programming. Few days ago, Microsoft announced that they are going to start exploring Rust and skip their own C languages. This announcement was made by the Principal Security Engineering Manager of Microsoft Security Response Centre (MSRC), Gavin Thomas.

Thomas states that ~70% of the vulnerabilities which Microsoft assigns a CVE each year are caused by developers, who accidently insert memory corruption bugs into their C and C++ code.

He adds, “As Microsoft increases its code base and uses more Open Source Software in its code, this problem isn’t getting better, it’s getting worse. And Microsoft isn’t the only one exposed to memory corruption bugs—those are just the ones that come to MSRC.”

Image Source: Microsoft blog

He highlights the fact that even after having so many security mechanisms (like static analysis tools, fuzzing at scale, taint analysis, many encyclopaedias of coding guidelines, threat modelling guidance, etc) to make a code secure, developers have to invest a lot of time in studying about more tools for training and vulnerability fixes.

Thomas states that though C++ has many qualities like fast, mature, small memory and disk footprint, it does not have the memory security guarantee of languages like .NET C#. He believes that Rust is one language, which can provide both the requirements.

Thomas strongly advocates that a software security industry should focus on providing a secure environment for developers to work on, rather than turning deaf ear to the importance of security, outdated methods and approaches.

He thus concludes by hinting that Microsoft is going to adapt the Rust programming language. As he says that, “Perhaps it’s time to scrap unsafe legacy languages and move on to a modern safer system programming language?”

Microsoft exploring Rust is not surprising as Rust has been popular with many developers for its simpler syntax, less bugs, memory safe and thread safety. It has also been voted as the most loved programming language, according to the 2019 StackOverflow survey, the biggest developer survey on the internet. It allows developers to focus on their applications, rather than worrying about its security and maintenance.

Recently, there have been many applications written in Rust, like Vector, Brave ad-blocker, PyOxidizer and more.

Developers couldn’t agree more with this post, as all have expressed their love for Rust.

A Redditor says, “While this first post is very positive about memory-safe system programming languages in general and Rust in particular, I would not call this an endorsement. Still, great news!”

Visit the Microsoft blog for more details.

Read Next

Introducing Ballista, a distributed compute platform based on Kubernetes and Rust

EU Commission opens an antitrust case against Amazon on grounds of violating EU competition rules

Fastly CTO Tyler McMullen on Lucet and the future of WebAssembly and Rust [Interview]