Security News > 2024 > February > Rust can help make software secure – but it's no cure-all

Rust can help make software secure – but it's no cure-all
2024-02-08 07:28

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.

So while coding with Rust can help reduce memory safety vulnerabilities, it won't fix everything.

Ai has analyzed CISA's Known Exploited Vulnerabilities in 2023 and found, as chief attack engineer Zach Hanley put it, that "Rust won't save us, but it will help us."

While memory safety vulnerabilities may not have been the largest source of problems last year, they tend to have a significant impact because they're often identified at the time they're first actively exploited, before patches have been prepared.

So while coding in Rust will help, more attention needs to be paid to the risks complex software presents.

Amid the rush to Rust - which has Microsoft recruiting developers to rewrite C# code in Rust and Google donating to improve Rust tooling - it's easy to forget that security is a process, rather than a product.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/08/rust_software_memory_safety/