tptacek, I've been meaning to ask this question to someone with some extensive security experience: Is there a compelling story for security researchers and engineers for low-level languages with an emphasis on memory safety (like Rust or Cyclone)? From my admittedly limited perspective, it seems like it could eliminate a lot of mistakes that lead to insecure software, but then again, I don't know how common memory-flaw exploits are.
> From my admittedly limited perspective, it seems like it could eliminate a lot of mistakes that lead to insecure software, but then again, I don't know how common memory-flaw exploits are.

We have done measurements on this for Firefox code. 100% of the security vulnerabilities for Web Audio were memory safety flaws.
I forget the exact number, but it was at least 20. And I believe they concluded that, yes, Rust would have caught them. I'll need to ask pcwalton to be sure though.