Rust in peace: Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again

The Redmond engineer hints at taking a super-lang for a spin

rust in peace memory bugs in c and c code cause security issues so microsoft is considering alternatives once again

Could Microsoft turn to Rust for system programming?

The Microsoft Security Response Center (MSRC) is becoming lyrical about the inherent risks in C and C ++ coding, arguing it may be time to get rid of "unsafe inherited languages" and move on to the more modern and safe.

The Redmond-based business has long been a C ++ store when it comes to programming that matters most to the company: the Windows operating system. The system and the main applications of Office, for example.

Gavin Thomas, Senior Manager of Security Engineering at MSRC, observed:

He added that "maybe it's time to discard unsecured inherited languages ​​and move on to modern, secure systems programming."

Microsoft has other programming languages ​​that are safer to use, thanks to the automatic management of memory. C # and the .NET family are one, and TypeScript, which compiles to JavaScript, is another. Microsoft and its customers widely use these languages, but they are not suitable for all purposes.

When Microsoft tried to rewrite the Windows shell, making extensive use of C # and Windows Presentation Foundation, for the first attempt at Vista (code name Longhorn), the result was incredibly slow and the company made a famous "reset" to the native code in 2004. Whether or not this was the fault of .NET, the memories are long and the experience was probably a factor in Windows The team created a new user interface layer for the side of the Windows 8 tablet using C ++, instead of adapting Silverlight, which was then used in Windows Phone.

"If only developers could have all the memory security guarantees of languages ​​like .NET C # combined with all the C ++ efficiencies, maybe we can," Thomas wrote.

The language you have in mind is Mozilla & # 39; s Rust, designed for system programming with an emphasis on speed, memory and thread security, and other security features.

  Someone riding a fancy rocket

In Rust we trust: Brave breaks the speed limit after rewriting the ad unit engine in super-lang

READ MORE

Thomas also promised that Microsoft will explore "Programming languages ​​of safer systems", starting with Rust, in another new series of blogs. That, in itself, is not of great importance. It is the implications of this post that are of greatest interest. Thomas wrote:

If that role goes beyond giving a lecture to the outside world about the benefits of not using C or C ++, and in the field of persuading the teams of internal developers to move away from the " inherited unsafe languages ​​", that has significant implications for the culture of the company.

There are, of course, ways to encode securely in C ++, using smart pointers, provided by the Standard Template Library (STL), or a garbage collection library, for example. In the past, Microsoft has focused on promoting secure coding practices and providing tools to detect problems. However, Thomas's point is that the prevention of memory errors is a burden for developers that can now be ignored.

That said, neither Microsoft nor the open source projects that Thomas refers to can easily change course. Existing code, the skills of developers and the huge ecosystem of tools and libraries around C and C ++ means that switching to more secure languages ​​is a slow and long-term process, even if there is a consensus that this is the right thing to do .

However, this is a remarkable statement from a small but influential corner of Microsoft and one that will be widely debated, as well as attracting more attention to Mozilla's Rust project. ®

Sponsored:
Balance consumerization and corporate control.

For More Updates Check out Blog, Windows Softwares Drivers, Antivirus, Ms Office, Graphic Design Don’t Forget to Look Our Facebook Page Get Into Pc like us & follow on Twitter- @getinpc

Please Note: This content is provided and hosted by a 3rd party server. Sometimes these servers may include advertisements. igetintopc.com does not host or upload this material and is not responsible for the content.


Open

Close