The 'Viral' Secure Programming Language That's Taking Over Tech

These are not just software bugs. Most software security vulnerabilities are made up of them. The opportunity to eliminate memory safety vulnerabilities is significant because you can still make mistakes while programming in Rust.

"Memory safety issues are responsible for a huge, huge percentage of all reported vulnerabilities, and this is in critical applications like operating systems, mobile phones, and infrastructure." We have tried to improve and build better tooling and teach people how to not make these mistakes, but there are limits to how much telling people to try harder can actually work. Rust is finally bringing to the table a new technology that will make that entire class of vulnerabilities impossible.

Skeptics and detractors are part of Rust. The effort to implement Rust in Linux has been controversial, partly because adding support for any other language inherently increases complexity, and partly because of debates about how to make it all work. Proponents say that Rust is crucial because it meets a dire need and because it doesn't cause performance loss.

It's more that it's ready and less that it's the right choice. There are no real alternatives other than not doing anything at the moment. It would be a huge problem for the tech industry, national security, and everything else if they continued to use unsafe code.

It's one of the biggest challenges of the transition to Rust that developers have already spent decades writing in unsafe languages. It's not possible to write new software in Rust. Rust-based drivers are the programs that coordinate between an operating system and hardware.

The parts that you can't run in Java or other memory safe languages are usually the parts that you can't run in C, because of their performance. It's cool to be able to run Rust and still have the same performance. It is a journey, but it is one. We have to pick security-critical components and retrofit other things over time because you can't just rewrite 50 million lines of code.

A new version of the ultra-wideband chip stack, as well as the private internet communication feature, are all written in Rust, according to Kleidermacher. He says that the Android team is trying to convert these stacks to Rust because they are based on complex industry standards and have a lot of vulnerabilities. The strategy is to convert the most exposed software components to Rust first and then work from there.