These types of vulnerabilities are not just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate security vulnerabilities from memory is significant.
“Memory security issues are responsible for a huge, huge percentage of all reported vulnerabilities, and this occurs in critical applications like operating systems, mobile phones, and infrastructure,” says Dan Lorenc, CEO of security company the Chainguard software supply chain. “Over the decades that people have been writing code in memory-unsafe languages, we’ve tried to improve and build better tools and teach people how not to make these mistakes, but there are limits to what you can tell the people who try harder. it actually works. So you need a new technology that makes all those kinds of vulnerabilities impossible, and that’s what Rust is finally bringing to the table.”
Rust is not without its skeptics and detractors. The effort of the last two years to implement Rust on Linux has been controversial, partly because adding support for any other language inherently increases complexity, and partly because of debates about how, specifically, to make it all work. But proponents emphasize that Rust has the necessary elements, causes no performance loss, and interacts well with software written in other languages, and that it is crucial simply because it fills a dire need.
“It’s less that it’s the right choice and more that it’s ready,” says Lorenc, a longtime open source researcher and contributor. “There are no real alternatives at the moment, other than doing nothing, and that is no longer an option. Continuing to use memory-insecure code for another decade would be a huge problem for the tech industry, for national security, for everything.”
However, one of the biggest challenges of transitioning to Rust is precisely how many decades developers have already spent writing vital code in languages that aren’t memory-safe. Writing new software in Rust doesn’t address that massive buildup. The Linux kernel implementation, for example, starts at the periphery by supporting Rust-based drivers, the programs that coordinate between an operating system and hardware like a printer.
“When you work with operating systems, speed and performance are always top of mind, and the parts you run in C++ or C are often the parts you simply can’t run in Java or other memory-safe systems. languages, due to performance,” says Google’s Kleidermacher. “So to be able to run Rust and have the same performance but get memory security is really cool. But it is a journey. You can’t go and rewrite 50 million lines of code overnight, so we’re carefully choosing security-critical components and over time we’ll update other things.”
On Android, Kleidermacher says many encryption key management features are now written in Rust, like the DNS over HTTPS private Internet communication feature, a new version of the ultra-broadband chip stack, and the new Android framework. Android virtualization used on Google’s custom Tensor G2 Chips. He adds that the Android team is increasingly turning connectivity stacks like Bluetooth and Wi-Fi to Rust because they are based on complex industry standards and tend to contain many vulnerabilities. In short, the strategy is to start getting incremental security benefits by converting the most exposed or vital software components to Rust first and then working inwards from there.
Source: news.google.com