Should you prefer the Rust language to C and C++ in your future projects? In any case, this is the opinion of Mark Russinovich, Chief Technology Officer of Microsoft Azure, for whom developers should avoid using C or C++ programming languages in new projects and use Rust instead for security and reliability reasons.
Rust is now used in the Android Open Source Project (AOSP), Meta, Amazon Web Services, Microsoft for parts of Windows and Azure, the Linux kernel, and many other places. This language born from Mozilla’s side is appreciated today for its “memory safety guarantees”, which reduce the need to manually manage a program’s memory and thus the risk of security vulnerabilities related to loads of memory in large projects written in “insecure memory” C or C++, including Chrome, Android, Linux kernel, and Windows.
Microsoft made that point in 2019 after revealing that 70% of its patches over the last 12 years were memory security bug fixes, largely because Windows is primarily written in C and C++. Google’s Chrome team came up with their own findings in 2020, revealing that 70% of all serious security bugs in the Chrome codebase were security and memory management bugs. The code is mainly written in C++.
A perfect successor to C and C++?
Azure CTO’s only reservation about using Rust is that it is better than C and C+ for new projects that require a non-GC (non-garbage collected) language. GC engines handle memory management. Go, Google’s language, is a garbage collection language, while the Rust project claims the opposite. AWS engineers prefer Rust to Go because of the efficiencies it offers without GC.
“Speaking of languages, it’s time to stop starting any new projects in C/C++ and use Rust for scenarios where a non-GC language is needed. For security and reliability reasons, the industry should declare these languages obsolete”, indicates the leader. For the latter, Rust is a promising successor to C and C++, especially for systems-level programming, infrastructure projects, embedded software development, and more, but not everywhere and for all projects.
As a reminder, Meta recently touted Rust as the main supported server-side language, along with C++. AWS invests in Rust for infrastructure software. Azure engineers used it to build cloud tools for testing WebAssembly modules on Kubernetes. On the other hand, the Chrome team is tied to C++ for the foreseeable future, despite the interest in Rust; simply switching to Rust wouldn’t remove a significant proportion of security vulnerabilities for years, says Google. Instead, Chrome provides memory safety to its C++ code base.
Font : ZDNet.com