![]() "To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code," said Vander Stoep, who wisely admitted that this probably won't be the case forever. This includes about 1.5 million lines of Rust code in the Android Open Source Project (AOSP), consisting of components like Keystore2, the new Ultra-wideband (UWB) stack, and DNS-over-HTTP3 that in prior years would have been written in C++.Īnd so far, Rust has delivered. In Android 13, roughly 21 percent of new native code is written in Rust. AI co-programmers perhaps won't spawn as many bugs as feared.Rust is eating into our systems, and it's a good thing.NSA urges orgs to use memory-safe programming languages.Is it time to retire C and C++ for Rust in new programs?.But while such measures have contributed to the decline in memory safety bugs, he argues that most of the vulnerability reduction should be attributed to the transition toward memory safe languages. And he says Google has increased its use of fuzzing. Google, says Vander Stoep, continues to invest in tools to write safer C/C++ code, pointing to the Scudo hardened allocator, HWASAN, GWP-ASAN, and KFENCE on Android devices. As Stroustrup sees it, helping C++ evolve makes more sense than deprecating the language and leaving unsafe code untended. At the time, Bjarne Stroustrup, creator of C++, challenged Russinovich's guidance by pointing out that type and memory safety can be had in ISO standard C++, enforced by a static analysis.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |