Dumb stuff in Rust has to be explicitly marked with unsafe. Meaning if you review the code you have to focus on only a couple of lines instead of the whole project.
You can of course still write lots of other bugs in Rust, but C-style buffer overflows are impossible in Rust, which eliminates the majority of security issues.
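An added example, not code from any comment in this thread, illustrating the two points above: the same fixed-size buffer copy written three ways in Rust. In safe code an oversized source can only panic, never overrun adjacent memory, and the one version that bypasses the runtime check has to sit inside an `unsafe` block, which is exactly where a reviewer's attention goes. All function and constant names are constructed for this example.

```rust
use std::panic;

const BUF_LEN: usize = 8;

/// Attempt the equivalent of a C `memcpy(buf, src, len)` with a `len` that may
/// exceed the buffer. In safe Rust the slice write is bounds-checked at runtime,
/// so an oversized `src` panics instead of corrupting memory.
/// Returns true if the write was stopped by a panic, false if it completed.
fn overrun_is_caught(src: &[u8]) -> bool {
    let result = panic::catch_unwind(|| {
        let mut buf = [0u8; BUF_LEN];
        // Slicing past BUF_LEN panics here; no memory outside `buf` is touched.
        buf[..src.len()].copy_from_slice(src);
        buf
    });
    result.is_err()
}

/// Idiomatic safe version: reject oversized input instead of panicking.
fn fill_checked(src: &[u8]) -> Option<[u8; BUF_LEN]> {
    if src.len() > BUF_LEN {
        return None;
    }
    let mut buf = [0u8; BUF_LEN];
    buf[..src.len()].copy_from_slice(src);
    Some(buf)
}

/// Version that skips the runtime bounds check with a raw copy. This is the
/// "couple of lines" a reviewer must read: soundness rests entirely on the
/// `if` guard directly above the `unsafe` block.
fn fill_unchecked(src: &[u8]) -> Option<[u8; BUF_LEN]> {
    if src.len() > BUF_LEN {
        return None;
    }
    let mut buf = [0u8; BUF_LEN];
    // SAFETY: src.len() <= BUF_LEN was checked above, so the copy stays in bounds
    // and the two regions cannot overlap (buf is a fresh local array).
    unsafe {
        std::ptr::copy_nonoverlapping(src.as_ptr(), buf.as_mut_ptr(), src.len());
    }
    Some(buf)
}

fn main() {
    // Constructed sample inputs: one that fits, one that would overflow in C.
    println!("3-byte source caught? {}", overrun_is_caught(&[1, 2, 3]));
    println!("12-byte source caught? {}", overrun_is_caught(&[0xAA; 12]));
    println!("checked:   {:?}", fill_checked(&[1, 2, 3]));
    println!("unchecked: {:?}", fill_unchecked(&[0u8; 9]));
}
```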
You can do dumb stuff with Rust as well.
But it’s harder and easier to spot.
You’ll never be 100% safe, but a proper lock is better than a “plz no steal” note.
Yes, it was just discovered at this year’s POPL that Rust’s type system is not sound with respect to deadlock freedom.
https://dl.acm.org/doi/abs/10.1145/3571229
(Of course this is not arguing that everyone should stay on C or CPP, just confirming the point that Rust will allow stupid things.)