Mark Russinovich, Microsoft Azure’s Chief Technology Office (CTO), says developers should avoid using C or C++ programming languages in new projects due to security and reliability concerns and use Rust instead.
Rust, which reached version 1.0 in 2020 and was born at Mozilla, is now used in the Android Open Source Project (AOSP), at Meta, at Amazon Web Services, at Microsoft for parts of Windows and Azure, in the Linux kernel. and in many other places.
Engineers value its “memory security guarantees” that reduce the need to manually manage a program’s memory and in turn reduce the risk of memory-related vulnerabilities that plague large projects written in “memory-vulnerable” C or C++, including Chrome, Android , the Linux kernel and Windows.
Likewise: The most popular programming languages and where to learn them
Microsoft drove that point home in 2019 after revealing that 70% of its patches over the past 12 years were fixes for memory security bugs, largely due to the fact that Windows was primarily written in C and C++. Google’s Chrome team took its own findings from 2020 and revealed that 70% of all fatal security bugs in the Chrome codebase were memory management and security bugs. It is mainly written in C++.
“Unless something strange happens [Rust] will make it in 6.1,” Torvalds wrote, seemingly ending a long debate about Rust becoming a second language to C for the Linux kernel.
The Azure CTO’s only caveat about using Rust is that it’s preferable to C and C+ for new projects that require a GC (non-garbage-collected) language. GC engines handle memory management. Google’s Go is a garbage collection language, while the Rust project advertises that Rust is not. AWS engineers like Rust over Go because of the efficiency it offers without GC.
“Speaking of languages, it’s time to stop starting new projects in C/C++ and use Rust for the scenarios where a non-GC language is required. For security and reliability reasons, the industry should deprecate these languages.” Russinovich wrote.
Rust is a promising replacement for C and C++, especially for system-level programming, infrastructure projects, embedded software development, and more—but not everywhere and not in all projects.
Indeed, Russinovich added later: “There is an enormous amount of C/C++ that is maintained and developed over decades (or longer). Last night I coded a feature for Handle, adding to the approximately 85,000 lines of Sysinternals C/C++ code I’ve written. However, when it comes to new tools, I tend to use Rust.”
Rust is certainly progressing and will likely be included in the Linux kernel soon.
The Android Open Source Project (AOSP), a Linux distribution, started using Rust for new code in April 2021, but kept its C/C++ code base. This month, AOSP also supported calls to Rust as an option for new code in the Linux kernel.
Likewise: Here’s how to easily run websites as apps on Linux
Meta recently promoted Rust as the primary supported server-side language alongside C++. AWS invests in Rust for infrastructure software. Azure engineers have used it to create cloud tools for testing WebAssembly modules on Kubernetes. On the other hand, despite interest in Rust, the Chrome team is stuck with C++ for the foreseeable future; A simple switch to Rust would not eliminate a significant portion of the vulnerabilities for years, they said. Instead, Chrome brings memory security into its C++ code base.
Also, Rust shouldn’t be seen as a silver bullet for all the bad habits developers practice when coding in C or C++.
Bob Rudis, a cybersecurity researcher for GreyNoise Intelligence who was formerly at Rapid7, written down Developers can bring the same bad security habits to Rust.
“Considering what it takes (time/money/people/services) to make “real” C/C++ projects secure at any speed, I tend to agree [with Russinovich]. Still, it’s possible to bring the same bad practices to Rust,” he wrote.
ZDNet’s Steven J. Vaughan-Nichols largely agree with this feeling:
“As others have said, you can “securely” write in C or C++, but it’s a lot harder no matter what dialect you use than it is in Rust. Mind you, you can still compromise security in Rust, but it avoids it for many old memory problems.”