The Rise of Rust, the “viral” secure programming language that dominates technology
These types of vulnerabilities are not just esoteric software bugs. Research and audits have repeatedly found that they make up the majority of software weaknesses. So, while you can still make mistakes and create security holes when programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is important.
“Memory security issues are responsible for a very large proportion of all reported vulnerabilities, and this occurs in critical applications such as operating systems, mobile phones, and infrastructure,” says Dan Lorenc, CEO of the supply chain security company Chainguard. “Over the decades that people have been writing code in memory-unsafe languages, we’ve tried to improve and build better tools and teach people how not to make these mistakes, but there are limits to how much people can actually try harder. So you need new technology that makes this whole class of vulnerabilities impossible, and that’s what Rust finally brings to the table.”
Rust is not without its skeptics and detractors. The effort over the past two years to implement Rust in Linux has been controversial, partly because adding support for any other language inherently increases complexity, and partly because of discussions about how, specifically, to make it all work. But supporters assert that Rust has the necessary elements (it does not cause a loss in performance, and it works well with programs written in other languages) and that it is necessary simply because it meets a great need.
“It’s not about making the right choice but about being more ready,” says Lorenc, a longtime open source researcher and contributor. “There are no real alternatives at the moment, other than doing nothing, and that is not an option anymore. Continuing to use memory-unsafe code for another decade is going to be a huge problem for the tech industry, national security and everything.”
One of the biggest challenges of moving to Rust, though, is precisely the decades developers have already spent writing vital code in memory-unsafe languages. Writing new programs in Rust does not address this huge backlog. The Linux kernel, for example, is starting at the periphery by supporting Rust-based drivers, which are programs that coordinate between the operating system and hardware such as a printer.
“When using operating systems, speed and performance are always first and foremost concerns, and the parts you run in C++ or C are usually parts you can’t run in Java or other memory-safe languages, because of performance,” says Google’s Kleidermacher. “So being able to run Rust and have the same performance but have a secure memory is really nice. But it’s a journey. You can’t go and rewrite 50 million lines of code overnight, so we carefully select critical security components, and over time we’ll tweak other things.”
On Android, Kleidermacher says that a lot of the cryptographic key management features are now written in Rust, as are the private internet connection feature DNS over HTTPS, a new version of the ultra-wideband chipset stack, and the Android Virtualization Framework used in Google’s custom Tensor G2 chips. He adds that the Android team is increasingly switching connectivity stacks like those for Bluetooth and Wi-Fi to Rust because they are based on complex industry standards and tend to contain many weaknesses. In short, the strategy is to start getting additional security benefits by switching the most vulnerable or vital software components to Rust first and then work outward from there.