by tptacek 1345 days ago
I've spent most of my career, which started around 1995, as a security researcher. I think you'd be surprised by how poor a job "the arena" does at sussing out complicated memory lifecycle problems in C and C++ code. Some of the patterns we now look for to find exploitable conditions aren't even all that old; much of that "arena time" was spent not even looking for those problems. Security teams at places like Google subject C/C++ code to fuzzing at boggling scales, and people still find memory safety vulnerabilities. Shit's hard. It's better just not to have this problem in the first place.

I'm not stamping my feet demanding you track down a Rust web browser. But the thread started with someone asking what the point of a Rust NTP daemon was. I think that's been amply answered now.