This article is a bit misleading. Check the list of CVEs listed for Rust cve.mitre.org/cgi-bin/cvekey.cgi?k.... Many of them are for the same vulnerabilities which are mentioned in the article. By no means am I saying Rust is not a good language. All I want to point out is that memory safety and, in general, resource safety issues cannot be fully avoided just by moving to Rust. This is a much deeper topic. Claiming that moving to Rust will solve these problems is incorrect.
One primary reason is that hardware itself is fundamentally unsafe.
Thanks for the comment. Rust provides a way to write memory-unsafe code (which I have mentioned in the article), and with that anyone can end up with Rust code that causes CVEs, but that is not the default; you have to explicitly write unsafe blocks for that. The chance of developers writing unsafe code in Rust is way less compared to C/C++, where the default is unsafe. And to be fair, if you take a closer look, many of those CVEs are from crates that rely on underlying C code, and some others are from non-memory-safety issues. And as I mentioned in the conclusion, Rust is not a silver bullet, and it would be hard to avoid writing unsafe code at least when consuming underlying OS/hardware stuff, but Rust does drastically reduce the possibility of memory safety issues by default and makes it easier to reason about unsafe code when you have to write it.
hardware itself is fundamentally unsafe.
Unless you are dealing with a broken CPU or something like that, there is nothing unsafe about hardware.
If you write Rust, you are safe behind all of its checks. Yes, unsafe Rust is a thing, but it allows us to make small abstractions over unsafe code that can be proven to be safe to use; once this is done, any user of the code can be sure their Rust code is safe as well.