Mark Russinovich, chief technical officer (CTO) of Microsoft Azure, said developers should avoid using C or C++ programming languages in new projects and instead use Rust for security and reliability reasons.
Rust, which reached version 1.0 in 2020 and was born at Mozilla, is now used in the Android Open Source Project (AOSP), at Meta, at Amazon Web Services, at Microsoft for parts of Windows and Azure, in the kernel Linux, and many other places.
Engineers appreciate its “memory safety safeguards”, which reduce the need to manually manage a program’s memory and, in turn, reduce the risk of memory-related security vulnerabilities that plague large written projects. in “insecure memory” C or C++, which includes Chrome, Android, Linux kernel and Windows.
Also: The most popular programming languages and where to learn them
Microsoft brought this point home in 2019 after revealing that 70% of its patches over the past 12 years were fixes for memory security bugs due in large part to the fact that Windows was primarily written in C and C++. Google’s Chrome team weighed their own findings in 2020, revealing that 70% of all serious security bugs in the Chrome code base were memory management and security bugs. It is written primarily in C++.
“Unless something strange happens, he [Rust] will turn it into 6.1,” Torvalds wrote, seemingly ending a long-running debate about Rust becoming a second language to C for the Linux kernel.
Azure CTO’s only qualifier for using Rust was that it was preferred over C and C+ for new projects that required uncollected language (GC). GC engines handle memory management. Google’s Go is a garbage collection language, while the Rust project promotes that Rust is not. AWS engineers love Rust over Go because of the efficiency it offers without GC.
“Speaking of languages, it’s time to stop starting any new project in C/C++ and use Rust for scenarios where a non-GC language is required. For security and reliability reasons, the industry should declare these languages obsolete,” Russinovich wrote.
Rust is a promising replacement for C and C++, especially for system-level programming, infrastructure projects, embedded software development, etc., but not everywhere and not in all projects.
Indeed, Russinovich added later: “There is a huge amount of C/C++ out there that will be maintained and evolved for decades (or more). Last night I coded a feature for Handle, adding to the roughly 85,000 lines of Sysinternals C/C++ code that I’ve written. That said, I’ll favor Rust for new tools.”
Rust is definitely moving forward and will probably be in the Linux kernel soon.
The Android Open Source Project (AOSP), a Linux distribution, started using Rust on new code in April 2021, but left its C/C++ code base in place. That month, AOSP also supported calls for Rust as an option for new code in the Linux kernel.
Also: How to Easily Run Websites as Apps in Linux
Meta recently promoted Rust as the main server-side language supported alongside C++. AWS invests in Rust for infrastructure software. Azure engineers used it to build cloud tools for testing WebAssembly modules in Kubernetes. On the other hand, the Chrome team is tied to C++ for the foreseeable future, despite interest in Rust; simply switching to Rust would not eliminate a significant proportion of security vulnerabilities for years, they said. Instead, Chrome brings memory safety to its C++ codebase.
Also, Rust shouldn’t be seen as a silver bullet for all the bad habits developers adopt when coding in C or C++.
Bob Rudis, cybersecurity researcher for GreyNoise Intelligence, who was formerly at Rapid7, Noted developers can pass the same bad security habits onto Rust.
“Given what it takes (time/money/people/services) to make ‘real’ C/C++ projects secure at any speed, I tend to agree [with Russinovich]. That said, it is possible to bring the same bad practices to Rust,” he wrote.
ZDNet’s Steven J. Vaughan-Nichols widely agreed with this feeling:
“As others have said, you can ‘safely’ write in C or C++, but it’s much more difficult, whatever dialect you’re using, than it is in Rust. Note that you can still compromise security in Rust, but it avoids a lot of old memory issues.”