Microsoft Azure CTO Mark Russinovich was familiar with C and C++, proven programming languages often used for native applications that require high performance.
On Monday, Russinovich urged the tech industry to move beyond C/C++. “Speaking of languages, it’s time to stop starting new projects in C/C++ and use Rust for the scenarios where a non-[garbage collected] language is required,” he said. “For security and reliability reasons, the industry should deprecate these languages.”
Speaking of languages, it's time to halt starting any new projects in C/C++ and use Rust for those scenarios where a non-GC language is required. For the sake of security and reliability. the industry should declare those languages as deprecated.
— Mark Russinovich (@markrussinovich) September 19, 2022
Russinovich’s rejection of C/C++ comes as Linux inventor Linus Torvalds has reportedly confirmed that, barring unforeseen circumstances, Rust code will appear in version 6.1 of the Linux kernel, a long-awaited milestone. The Linux kernel is written in C, with some assembler and some glue scripts interspersed.
Rust, designed by Graydon Hoare as a hobby, began taking shape at Mozilla in 2006 and made its public debut in 2010. It started attracting serious attention as an alternative to C/C++ in 2015 with the release of Rust 1.0.
Since then, Rust has been the most popular programming language in the annual Stack Overflow poll for seven years in a row – despite its reputation for being difficult to learn – and has been incorporated into projects at major tech companies.
Apple, Amazon, Google, Meta, and Microsoft, among many others, use Rust in some way or in production. Cloudflare recently raved about Pingora, its new HTTP proxy built with Rust that has increased performance and reduced CPU and memory usage.
Rust appears to be less prone to potential memory corruption bugs, making the software less vulnerable. Microsoft has been talking about ditching C/C++ and exploring Rust since at least 2019, and has developed its own cloud-centric memory-safe programming language called Project Verona. So Russinovich’s call to reject C/C++ is not without precedent.
According to Microsoft, about 70 percent of CVEs patched since 2006 are due to memory safety issues. Eliminating these bugs would significantly improve software security while reducing the cost of remediating vulnerabilities.
The Register asked Microsoft if Russinovich’s recommendation would be adopted company-wide. Redmond declined to comment.
Rust alone does not guarantee that software is secure. It provides protection against memory safety flaws, but does not eliminate other classes of vulnerabilities.
As the language documentation explains, “Rust contains both a safe and an unsafe programming language.” Developers can choose to write Unsafe Rust for specific tasks, and they can unintentionally create unsafe code. And Rust doesn’t address attack vectors that are outside the scope of sound software design, such as social engineering. Despite this, it has qualities that recommend it.
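To make the safe/unsafe split and the "other classes of vulnerabilities" point concrete, here is an added example that is not from the article or from Rust's documentation. The record layout, function names and the withdrawal rule are all constructed for illustration.

```rust
// Constructed record layout for this example: [len: u8][payload: len bytes].

/// Safe Rust: the attacker-controlled length is checked against the real
/// buffer, so an over-long length yields None instead of an over-read.
fn payload_safe(buf: &[u8]) -> Option<&[u8]> {
    let len = *buf.first()? as usize;
    buf.get(1..1 + len)
}

/// Unsafe Rust: no bounds checks are emitted.
/// Safety: caller must guarantee `buf.len() >= 1 + buf[0] as usize`.
unsafe fn payload_unchecked(buf: &[u8]) -> &[u8] {
    unsafe {
        let len = *buf.get_unchecked(0) as usize;
        buf.get_unchecked(1..1 + len)
    }
}

/// Safe wrapper: re-establishes the invariant before entering `unsafe`.
fn payload_wrapped(buf: &[u8]) -> Option<&[u8]> {
    let len = *buf.first()? as usize;
    if buf.len() < 1 + len {
        return None;
    }
    // SAFETY: length verified on the lines above.
    Some(unsafe { payload_unchecked(buf) })
}

/// Memory-safe but logically wrong: a negative amount raises the balance.
fn withdraw_flawed(balance: i64, amount: i64) -> Option<i64> {
    if amount <= balance { Some(balance - amount) } else { None }
}

/// Same function with the missing business rule added.
fn withdraw(balance: i64, amount: i64) -> Option<i64> {
    if amount > 0 && amount <= balance { Some(balance - amount) } else { None }
}

fn main() {
    let truncated = [200u8, b'a']; // constructed: claims 200 bytes, carries 1
    println!("{:?}", payload_safe(&truncated));
    println!("{:?}", payload_wrapped(&[3, b'a', b'b', b'c']));
    println!("{:?} vs {:?}", withdraw_flawed(100, -50), withdraw(100, -50));
}
```

The compiler rejects neither `payload_unchecked` nor `withdraw_flawed`: the first moves the bounds obligation to the caller, and the second is a logic error that no memory-safety guarantee covers.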
“Rust is growing in popularity because of its security, speed, and reliability, and it’s encouraging to see this support from such prominent leaders in the field,” said Rebecca Rumbul, executive director and CEO of the Rust Foundation, in an email to The Register. “We hope that this kind of support ultimately drives investment in Rust infrastructure and in the talented Rust community so Rust can continue to be safe, secure, and sustainable in the future.”
The Register asked Bjarne Stroustrup, the creator of C++, for comment. We’ll update this story when we get feedback. ®
Updated to add
Stroustrup contacted us and defended the language he invented.
“It’s not uncommon for people — leaders in particular — to fall in love with new and shiny things that promise to make their lives easier,” he told us.
“Also, supporting something new is much more exciting than tackling the known issues of older and well-known tools. Unfortunately, it usually takes many years and great effort before new languages can compete with mature languages in their wide range of applications. Enthusiasts rarely see this and tend to be rather one-sided in their comments.”
“Security is obviously critical in many contexts, so I’ve worked for years to increase security in C++,” the language’s creator continued.
“We can now achieve guaranteed perfect type and memory safety in ISO C++. That is, each object is used according to the type with which it was defined. This means we eliminate the use of hanging pointers, catch range errors, and eliminate data races. Note that every ‘secure’ language, including Rust, has loopholes that allow for insecure code.”
Referring to this document, which he co-authored, Stroustrup said: “The basic idea of the core guidelines is to define a set of rules that must be followed to ensure safety, and then enforce them with static analysis. The rules are needed because arbitrary C or C++ code cannot be proven secure.”
“The code is ISO standard C++ and people who don’t feel a need for security or who can’t update their code yet simply can’t run an analyzer. Partial implementations of such analyzers are available in Microsoft Visual Studio and Clang Tidy and elsewhere.”
“This is obviously a work in progress,” he added, “but so are the various attempts to replicate the flexibility and power of C++ in real-world applications at scale. There are billions of lines of C++ out there today.”
“Replacing them – or just making them safe (for a variety of definitions of ‘safe’) – is a daunting task. It’s important to do this gradually, or the vast mass of insecure C and legacy C++ code will remain ‘forever.’ Evolutionary approaches often succeed where revolutions fail at great cost.”