this post was submitted on 27 Sep 2024
244 points (98.0% liked)

Rust

6034 readers
3 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

[email protected]

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
snowe
Ategon
EdTheLegendary
kahnclusions
torcherist
244
Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52% (thehackernews.com)
submitted 1 month ago by snaggen to c/rust
36 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Kissaki 4 points 1 month ago

Because I stumbled over this paragraph (the page is linked to from Googles announcement) and was reminded of this comment, I'll quote it here:

First, developer education is insufficient to reduce defect rates in this context. Intuition tells us that to avoid introducing a defect, developers need to practice constant vigilance and awareness of subtle secure-coding guidelines. In many cases, this requires reasoning about complex assumptions and preconditions, often in relation to other, conceptually faraway code in a large, complex codebase. When a program contains hundreds or thousands of coding patterns that could harbor a potential defect, it is difficult to get this right every single time. Even experienced developers who thoroughly understand these classes of defects and their technical underpinnings sometimes make a mistake and accidentally introduce a vulnerability.

I think it's a fair and correct assessment.