Microsoft is starting to explore new programming languages to protect against security vulnerabilities. The company revealed it is turning to the systems programming language Rust to help developers build more reliable and efficient software.
Microsoft has long turned to languages like C++ and C# in their security efforts. C# has helped protect against memory corruption vulnerabilities, while C++ features a small memory and disk footprint, mature language, and predictable execution. The problem, however, is Microsoft is looking to gain all the benefits from C++ and C# in one language, and it believes Rust is the answer.
The programming language built by Mozilla is designed to run fast and be memory-efficient with no runtime or garbage collector. It features a rich type system and ownership model to guarantee memory safety and thread safety, according to the Rust team. Additionally, it provides documentation, a compiler with useful error messages, integrated package manager, and other tools to help boost developer productivity.
The latest version of Rust 1.36 was just released earlier this month with the stabilization of the future trait, alloc crate, and offline support in Cargo.
“If as an industry we truly care about security, we should be focusing on the tools of the developer, and not be too blindsided by all the security paraphernalia, hype, non-data driven ideologies, and outdated methods and approaches. Rather than providing guidance and tools for addressing flaws, we should strive to prevent the developer from introducing the flaws in the first place,” Gavin Thomas, principal security engineering manager for Microsoft Security Response Center, wrote in a post.