|
|
|
|
|
|
by PaulDavisThe1st
612 days ago
|
|
|
Rust is a risk-reduction strategy. It is not a risk-elimination strategy. There are risk-reduction strategies one can follow with C++, which offer some fraction of the reduction that Rust does (opinions vary on the value of the fraction). Rust enforces risk-reduction strategies, which in some contexts may be of value all by itself. Language choice does not eliminate risks in software. |
|
|
They don't really. It's been shown by many studies that 2/3 of security bugs are memory safety errors. That's the minimum that Rust can eliminate.
It actually should eliminate more because it also has the strong type system and tree-ownership style that help reduce the chance of logic bugs unrelated to memory safety too (similar to Haskell and other very strongly typed languages).
This is probably the biggest data set:
https://security.googleblog.com/2024/09/eliminating-memory-s...
Unfortunately they don't break out non-memory safety vulnerabilities, but they've almost eliminated memory safety vulnerabilities by writing new code in Rust.