Mark Russinovich, Microsoft Azure’s Chief Technology Office (CTO), says developers should avoid using C or C ++ programming languages in new projects and use Rust instead due to security and reliability concerns.
Rust, which reached version 1.0 in 2020 and originated in Mozilla, is now used within the Android Open Source Project (AOSP), at Meta, Amazon Web Services, Microsoft for parts of Windows and Azure, in the Linux kernel , and in many other places.
Engineers appreciate its “memory security guarantees”, which reduce the need to manually manage a program’s memory and, in turn, reduce the risk of memory-related security holes affecting large projects written in “memory.” unsafe “C or C ++, which includes Chrome, Android, the Linux kernel, and Windows.
Also: The most popular programming languages and where to learn them
Microsoft reached this point in 2019 after revealing that 70% of its patches over the past 12 years were memory security bug fixes due in large part to Windows being written primarily in C and C ++. The Google Chrome team evaluated their results in 2020, revealing that 70% of all serious security bugs in Chrome’s code base were memory management and security bugs. It is mainly written in C ++.
“Unless something strange happens [Rust] will enter 6.1, ”Torvalds wrote, apparently ending a long debate over whether Rust has become a second C language for the Linux kernel.
The only Azure CTO qualifier on using Rust is that it was preferred over C and C + for new projects that require a non-Garbage Collected (GC) language. GC engines handle memory management. Google’s Go is a waste collection language, while the Rust project promotes that Rust is not. AWS engineers appreciate Rust over Go for the efficiency it delivers without GC.
“Speaking of languages, it’s time to stop starting new projects in C / C ++ and use Rust for those scenarios where a non-GC language is required. For security and reliability reasons, the industry should declare these languages as deprecated. ”Wrote Russinovich.
Rust is a promising replacement for C and C ++, especially for system-level programming, infrastructure projects, embedded software development, and more, but not everywhere and not in all projects.
Indeed, Russinovich added later: “There is a huge amount of C / C ++ that will be maintained and evolved for decades (or more). Last night I coded a feature for Handle, adding to the approximately 85,000 lines of Sysinternals C / C ++ code I wrote. That said, I will prefer Rust for the new instruments. “
Rust is definitely moving forward and is likely to be in the Linux kernel soon.
The Android Open Source Project (AOSP), a Linux distribution, began using Rust on the new code in April 2021, but left its C / C ++ code base in place. That month, AOSP also supported calls for Rust as an option for new code in the Linux kernel.
Also: How to easily run websites as apps in Linux
Meta recently promoted Rust as the primary supported server-side language alongside C ++. AWS invests in Rust for infrastructure software. Azure engineers used it to build cloud tools to test WebAssembly modules in Kubernetes. On the other hand, the Chrome team is tied to C ++ for the foreseeable future, despite the interest in Rust; simply switching to Rust would not eliminate a significant portion of security vulnerabilities for years, they said. Instead, Chrome is bringing memory security into its C ++ code base.
Also, Rust shouldn’t be seen as a silver bullet for all the bad habits developers practice when coding in C or C ++.
Bob Rudis, a cybersecurity researcher for GreyNoise Intelligence, who was previously with Rapid7, noticed developers can pass on the same bad security habits to Rust.
“Given how long it takes (time / money / people / services) to secure” real “C / C ++ projects at any speed, I tend to agree [with Russinovich]. That said, it is possible to bring the same bad practices to Rust, “she wrote.
Steven J. Vaughan-Nichols of ZDNet widely agreed with that feeling:
“As others have said, you can write” safely “in C or C ++, but it is much more difficult, no matter what dialect you use, than in Rust. Mind you, you can still compromise security in Rust, but avoid a lot of old memory problems. “