Hacker News new | comments | show | ask | jobs | submit login

tptacek, I've been meaning to ask this question to someone with some extensive security experience: Is there a compelling story for security researchers and engineers for low-level languages with an emphasis on memory safety (like Rust or Cyclone)? From my admittedly limited perspective, it seems like it could eliminate a lot of mistakes that lead to insecure software, but then again, I don't know how common memory-flaw exploits are.



> From my admittedly limited perspective, it seems like it could eliminate a lot of mistakes that lead to insecure software, but then again, I don't know how common memory-flaw exploits are.

We have done measurements on this for Firefox code. 100% of the security vulnerabilities for Web Audio were memory safety flaws.


How many bugs in total? And, memory safety that Rust would've protected against?


I forget the exact number, but it was at least 20. And I believe they concluded that, yes, Rust would have caught them. I'll need to ask pcwalton to be sure though.


Absolutely it does.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: