Security News > 2021 > April > Cost of Sandboxing Prompts Shift to Memory-Safe Languages. A Little Too Late?
NEWS ANALYSIS: Google's decision to promote Rust for low-level Android programming is another sign that the shelf-life for memory corruption mitigations are no match for the speed of in-the-wild exploit development.
Just 13 years after Google introduced the sandbox in Chrome touting "a new approach in browser security," the company is now blaming the limitations - and high processing cost - of sandboxing for a new decision to promote Rust as the low-level programming language of choice for the Android operating system.
Now, there's a shift to using memory-safe languages to effectively eliminate memory corruption as a bug class.
The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory corruption bugs.
Rust provides memory safety guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid.
Memory safety issues will continue to haunt the security landscape for decades to come but there is optimism that a combination of new technology - especially around memory tagging - and the adoption of safer programming languages will point to a brighter future.