
> (excuse me, "unsafe Rust", as if that were a different thing)

They are - there is a world of difference between the two. From a security perspective the ability to audit unsafety explicitly is massive. Right now we rely on intuition and fuzzing at large scale to try to cover massive parts of a codebase. With explicit unsafety you can limit your checks to a subset of modules, rather than the entire program. Massive, massive difference that cannot be understated.

> if Rust gains any genuine traction and widespread use it is very likely they'll exist "in the wild" and as exploits waiting to be discovered.

Naturally. But this certainly isn't worse than where we are now - where languages make 0 effort to be safe, or have far too much historic baggage to do it meaningfully.

Beyond that, Rust's attitude towards security is pretty positive. Rust has been quick to adopt LLVM sanitizer support, fuzzer support for AFL and cargo-fuzz, and new mitigation techniques such as SafeStack. With Rust's updates coming out quickly you get access to these in a matter of weeks/months as opposed to years.

Rust isn't a cure-all, no one should be calling it one. But your response is overly pessimistic.
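An added example (not from any commenter in this thread) of what "auditing unsafety explicitly" looks like in practice: all memory-unsafe code in the module is confined to one function behind a safe API, and a hypothetical helper flags `unsafe` blocks that lack a `// SAFETY:` justification, the kind of check an auditor can run over only the modules that contain `unsafe` instead of the whole program.

```rust
/// Fixed-capacity ring of samples. The invariant the unsafe code relies on:
/// `head < buf.len()`, and `buf` is never resized after construction.
pub struct Ring {
    buf: Vec<u32>,
    head: usize,
}

impl Ring {
    pub fn new(capacity: usize) -> Ring {
        assert!(capacity > 0, "capacity must be non-zero");
        Ring { buf: vec![0; capacity], head: 0 }
    }

    /// Safe API: the invariant is maintained by checked indexing here.
    pub fn push(&mut self, v: u32) {
        self.buf[self.head] = v;
        self.head = (self.head + 1) % self.buf.len();
    }

    /// The only `unsafe` in the module: the i-th most recent sample, or None
    /// if i is not smaller than the capacity.
    pub fn recent(&self, i: usize) -> Option<u32> {
        let n = self.buf.len();
        if i >= n {
            return None;
        }
        let idx = (self.head + n - 1 - i) % n;
        // SAFETY: idx < n because of the modulo, and buf.len() == n for the
        // whole lifetime of self, so the unchecked read is in bounds.
        Some(unsafe { *self.buf.get_unchecked(idx) })
    }
}

/// Crude audit helper (hypothetical, not a real tool): 1-based line numbers
/// of `unsafe` blocks/fns whose preceding line is not a `// SAFETY:` note.
pub fn undocumented_unsafe(src: &str) -> Vec<usize> {
    let lines: Vec<&str> = src.lines().collect();
    let mut out = Vec::new();
    for (i, line) in lines.iter().enumerate() {
        if line.contains("unsafe {") || line.contains("unsafe fn") {
            let prev = if i > 0 { lines[i - 1].trim() } else { "" };
            if !prev.starts_with("// SAFETY:") {
                out.push(i + 1);
            }
        }
    }
    out
}
```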



I mostly agree, but I think pessimism and skepticism are very much warranted in the area of security especially. Perhaps doubly so with new languages, and even more with new languages that purport to be safe(r).


Being critical and pursuing the issue is one thing. You can find lots of work on formally verifying Rust code as well as its type safety online.



