Here’s another reason why Rust is the present and the future in programming. A few days ago, Microsoft announced that it is going to start exploring Rust and skip its own C languages. This announcement was made by the Principal Security Engineering Manager of Microsoft Security Response Center (MSRC), Gavin Thomas.
Thomas states that ~70% of the vulnerabilities to which Microsoft assigns a CVE each year are caused by developers who accidentally insert memory corruption bugs into their C and C++ code.
He adds, “As Microsoft increases its code base and uses more Open Source Software in its code, this problem isn’t getting better, it’s getting worse. And Microsoft isn’t the only one exposed to memory corruption bugs—those are just the ones that come to MSRC.”
He highlights the fact that even with so many security mechanisms (like static analysis tools, fuzzing at scale, taint analysis, many encyclopaedias of coding guidelines, threat modelling guidance, etc.) available to make code secure, developers have to invest a lot of time in studying more tools for training and vulnerability fixes.
Thomas states that though C++ has many qualities, such as being fast and mature with a small memory and disk footprint, it does not have the memory security guarantee of languages like .NET C#. He believes that Rust is one language that can meet both requirements.
Thomas strongly advocates that the software security industry should focus on providing a secure environment for developers to work in, rather than turning a deaf ear to the importance of security and relying on outdated methods and approaches.
He thus concludes by hinting that Microsoft is going to adopt the Rust programming language. As he says, “Perhaps it’s time to scrap unsafe legacy languages and move on to a modern safer system programming language?”
Microsoft exploring Rust is not surprising, as Rust has been popular with many developers for its simpler syntax, fewer bugs, memory safety and thread safety. It has also been voted the most loved programming language, according to the 2019 Stack Overflow survey, the biggest developer survey on the internet. It allows developers to focus on their applications, rather than worrying about their security and maintenance.
Developers couldn’t agree more with this post, as all have expressed their love for Rust.
This is huge! Glad to see #rustlang getting an endorsement from Microsoft’s security response team. The most important part is the graph, showing roughly 70% of the CVE’s they see are due to memory safety failures. https://t.co/T7i2w5dtr2
— Andrew Lilley Brinker (@alilleybrinker) July 17, 2019
that's huge kudos to @rustlang community and contributors
— Karan Ganesan (@karanganesan) July 17, 2019
A Redditor says, “While this first post is very positive about memory-safe system programming languages in general and Rust in particular, I would not call this an endorsement. Still, great news!”
Visit the Microsoft blog for more details.