[jancsika]

> There are long lasting bridges made of stone, concrete and in the right climates, even wood. Not to mention rope when it suits the purpose.

I'd be fine with someone building a new browser out of stone, concrete, wood, or even rope.

Just don't build it out of C/C++ because those languages aren't memory safe.

[PaulDavisThe1st]

Rust is a risk-reduction strategy. It is not a risk-elimination strategy.

There are risk-reduction strategies one can follow with C++, which offer some fraction of the reduction that Rust does (opinions vary on the value of the fraction). Rust enforces risk-reduction strategies, which in some contexts may be of value all by itself.

Language choice does not eliminate risks in software.

[IshKebab]

> opinions vary on the value of the fraction

They don't really. It's been shown by many studies that 2/3 of security bugs are memory safety errors. That's the minimum that Rust can eliminate.

It actually should eliminate more because it also has the strong type system and tree-ownership style that help reduce the chance of logic bugs unrelated to memory safety too (similar to Haskell and other very strongly typed languages).

This is probably the biggest data set:

https://security.googleblog.com/2024/09/eliminating-memory-s...

Unfortunately they don't break out non-memory safety vulnerabilities, but they've almost eliminated memory safety vulnerabilities by writing new code in Rust.