Google has hailed Rust, a memory-safe programming language, as a significant factor in its ability to cut down on vulnerabilities as part of its Safe Coding initiative.
Memory access vulnerabilities often occur in programming languages that are not memory safe. In 2019, memory safety issues accounted for 76% of all Android vulnerabilities.
In response, many developers and tech giants are moving towards memory-safe languages that help them produce secure-by-design software and technology.
In its blog, Google presented a simulation of the transition to memory-safe languages through the gradual use of memory-safe code in new projects and developments over a five-year period. The results showed that despite a gradual rise in code being written in memory-unsafe languages, memory safety vulnerabilities dropped significantly.
This, Google says, is because vulnerabilities decay exponentially. New code that is written in memory-unsafe languages often contains bugs and vulnerabilities, but as the code is reviewed and refreshed, vulnerabilities are gradually removed, making the code safer over time. Ergo, the main source of vulnerabilities is new code, and prioritizing memory-safe programming languages when starting new projects and developments causes the number of vulnerabilities to drop significantly.
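The argument above can be reproduced with a small cohort model. This is an added illustration, not Google's simulation. The half-life, starting density, code volumes and the linear shift of new code to a memory-safe language are all assumed values chosen only to show the shape of the effect.

```python
# Added illustration. Every constant below is an assumption, not Google's data.
HALF_LIFE_YEARS = 2.5      # assumed: vulnerability density of a cohort halves every 2.5 years
DENSITY_NEW = 1.0          # assumed: vulnerabilities per kLOC in brand-new memory-unsafe code
NEW_KLOC_PER_YEAR = 100.0  # assumed: total new code written per year
HISTORY_YEARS = 10         # assumed: years of all-unsafe development before the transition
TRANSITION_YEARS = 5       # the five-year period described in the article


def density(age_years):
    """Exponential decay of vulnerability density as a cohort of code ages."""
    return DENSITY_NEW * 0.5 ** (age_years / HALF_LIFE_YEARS)


def unsafe_share(year):
    """Assumed linear shift: 100% of new code unsafe at year 0, 0% at year 5."""
    return max(0.0, 1.0 - year / TRANSITION_YEARS)


def snapshot(year, cohorts):
    """Return (year, total unsafe kLOC, expected memory safety vulnerabilities)."""
    unsafe_kloc = sum(kloc for kloc, _ in cohorts)
    vulns = sum(kloc * density(age) for kloc, age in cohorts)
    return (year, unsafe_kloc, vulns)


def simulate():
    # Each cohort is [kLOC of memory-unsafe code, age in years].
    # Memory-safe code is not tracked: in this model it adds no memory safety bugs.
    cohorts = [[NEW_KLOC_PER_YEAR, age] for age in range(HISTORY_YEARS)]
    rows = [snapshot(0, cohorts)]
    for year in range(1, TRANSITION_YEARS + 1):
        for cohort in cohorts:
            cohort[1] += 1  # existing unsafe code gets a year older and safer
        cohorts.append([NEW_KLOC_PER_YEAR * unsafe_share(year), 0])
        rows.append(snapshot(year, cohorts))
    return rows


if __name__ == "__main__":
    print("year  unsafe_kLOC  expected_vulns")
    for year, kloc, vulns in simulate():
        print(f"{year:>4}  {kloc:>11.0f}  {vulns:>14.1f}")
```

No unsafe code is rewritten or removed in this model, so the unsafe total keeps growing while the expected vulnerability count falls, because the large old cohorts have already decayed and the new cohorts are shrinking.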