Microsoft’s chief technology officer for cloud services, Mark Russinovich, advocated this week that developers should stop starting new projects based on the C and C++ programming languages. Instead, for security and reliability reasons, they should use the Rust programming language in those cases where a language that is not based on “garbage collection”, which is a form of automatic memory management, is needed.
Not memory safe
Some of the most widely used software in the world, including many operating systems and browsers, is written precisely in C or C++. These are programming languages that are not “memory safe”. The languages give developers great freedom and predictable performance, but also considerable responsibility, including ensuring memory management. A large proportion of the vulnerabilities discovered in C/C++-based software are due to deficiencies in this area.
Automatic memory management with garbage collection requires additional resources and may lead to unpredictable interruptions in the execution of the software. This plays little role in many cases, but a big role in quite a few others.
Rust, a programming language originally created at Mozilla, is considered memory-safe without using garbage collection. The language has recently emerged as a good alternative to C/C++, although it is probably still considered young and perhaps immature by some.
Among other things, everything suggests that code written in Rust will be included in the official Linux kernel in version 6.1 for the first time. Long before this, Google opened up the possibility of including Rust code in the Linux kernel used by Android.
Decades of continued maintenance
In a later tweet, Russinovich specifies that there are huge amounts of C/C++ code that will continue to be maintained and further developed for many decades to come. This also includes the Sysinternals tools for which Russinovich is perhaps best known.