[blub]

I peruse Android system code at work and their C++ code base is not designed for safety. It’s just typical C++ code as any large company would write it.

And for a large juicy target like Android, that won’t be good enough to stay ahead of the attackers long term.

Of course, tools like Fil-C or hardware-based security might make Rust vs. C or C++ moot.

Edit: your comment makes a good point. Shame that trigger-happy (c)rustaceans are downvoting everything in sight which is not praising this PR piece disguised as a technical blogpost.

[surajrmal]

While crashing is better than exploitable behavior, catching bugs at compile time is even better. Neither hardware based strategies nor filc actually find bugs at compile time. Also the conversation with respect to security isn't about migrating old code, but what to use for new code that you write.

I will note that developers also feel more productive in rust. That's why they migrate existing things over to it even when it may not be beneficial for security.