Technology peripherals
AI
The White House issued a document calling on developers to abandon C and C++: Rust was 'hand-picked' for memory safety
The White House issued a document calling on developers to abandon C and C++: Rust was 'hand-picked' for memory safety
Recently, the White House Office of the National Cyber Director (ONCD) made an important point in a 19-page report: developers should use memory-safe programming languages, such as the Rust language. The report points out that choosing a memory-safe programming language is a key way to ensure that software is developed in a secure-by-design manner.
ONCD also pointed out that the recommendations in the report were developed in collaboration with technology companies, academia and other institutions, and have the support of a number of well-known technology companies, including HP, Accenture and Palantir.
Report address: https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical- Report.pdf
In fact, this is not the first time that an official US agency has called for the abandonment of C and C.
Last December, the U.S. Cybersecurity and Infrastructure Agency (CISA), together with other agencies, released a "Memory Security Roadmap Guidance", pointing out C and C as memory incompatible Safe programming languages emphasize that software developers should adopt other memory-safe programming languages such as Rust and Java. The purpose of this guide is to increase awareness of memory safety issues in software development and encourage the adoption of more reliable programming languages to reduce potential security vulnerabilities. CISA specifically emphasizes the importance of adopting memory-safe programming languages as this helps reduce the risk of malicious attacks and data leaks. This move is also to promote the development of the software development industry in a more secure and reliable direction,
Source: https://www.cisa.gov /sites/default/files/2023-12/The-Case-for-Memory-Safe-Roadmaps-508c.pdf
Abandon C and C, turn to Rust, just for memory safety
It is important to emphasize the use of memory-safe programming languages because memory safety prevents problems such as buffer overflows and dangling pointers, which can lead to bugs and vulnerabilities. Therefore, it is crucial to understand the concept of memory safety.
How harmful is memory insecurity? In 2019, Microsoft security engineers reported that approximately 70% of security issues were caused by memory safety issues. In 2020, Google reported similar data for bugs discovered in the Chromium browser.
For programming languages, both C and C allow arbitrary pointer arithmetic using direct memory addresses without bounds checking. The report states that experts have found some programming languages, represented by C and C, that both lack memory safety-related features and are highly pervasive in some critical systems. Therefore, C and C are considered "unsafe" programming languages.
Corresponding to C and C, Rust is considered a classic example of a memory-safe programming language. Rust is a systems programming language focused on safety, especially concurrency safety. It supports multi-paradigm languages such as functional, imperative and generic programming paradigms, and deep learning frameworks such as TensorFlow also use it as an excellent front-end language.
In the 2021 annual developer survey report of the programmer question and answer website Stack Overflow, the Rust language became the most popular programming language among developers. One of the reasons Rust is popular in the systems programming world is that it can help eliminate memory-related security vulnerabilities.
Rust’s memory safety features have long been verified by the industry. In April 2021, Google announced that Android would add support for the Rust language. The reason is that memory safety bugs in C and C are the most difficult sources of bugs to solve, and Google has invested a lot of effort and resources to detect, fix and mitigate such bugs, and effectively prevent a large number of bugs from entering Android versions.
However, despite these efforts, memory safety bugs remain the primary cause of stability issues, chronically accounting for approximately 70% of Android's critical security vulnerabilities. Therefore, Google added a 3rd option, Rust, for operating system developers.
Dan Grossman, professor of computer science at the University of Washington, said that for decades, everyone has understood the dangers of C and C, and now it is finally a good time to promote memory-safe programming languages. After all, there are practical and mature ones. alternative plan.
He also believes that getting rid of C and C will not be accomplished overnight, especially in embedded systems. However, this process is expected to accelerate as other programming languages such as Rust become more widely used in systems software.
Regarding the official attitude towards C and C, more people don’t seem to buy it.
Some people think that modern C is memory safe, and all operating systems are programmed in C or C. Some people also believe that even though C is not memory safe, modern C has more "guardrails" and is low-cost or even free of charge.
For Rust, which has been "handpicked" for memory safety, some people feel that its level of support is not that high. , nor worthy of integration into government systems.
In addition to Rust, what other memory-safe programming languages
November 2022, United States National The National Security Agency (NSA) has published a cybersecurity information sheet detailing the programming languages it considers memory safe
- Rust
- Go
- ##C
- #Java
- Swift
- JavaScript
- Ruby
- Python
- Delphi/Object Pascal
- Ada
How popular are the above programming languages? The programming language popularity index TIOBE in February 2024 shows that in terms of programming, Python ranks first, C# ranks fifth, Java ranks fourth, JavaScript ranks sixth, Go ranks eighth, and Delphi/Object Pascal ranks 12th. Swift ranked 16th, Rust ranked 18th, and Ruby barely ranked 20th.
As you can see, most of the languages selected by the NSA are in the top 20, only Ada is not in the top 10, but there are only 5 in the top ten.
Source: https://www.tiobe.com/tiobe-index/
The report also calls for better measurement of software security. ONCD believes: Better metrics enable technology providers to better plan for, predict and mitigate vulnerabilities before they become a problem.
The report also reviews the Apollo 13 mission, which NASA classified as a "successful failure." The mission itself suffered a catastrophic failure, and the three astronauts made temporary repairs and mitigated some of the problems in order to return home safely. The report states: Memory security codes are very important to the space program. Human exploration of space should use a memory-safe language, a language that is as close to the kernel as possible to avoid future accidents.
As more and more of the world becomes digital, better coding becomes increasingly important, and bad code can be used maliciously.
Rust Language
Rust language is a general-purpose, compiled programming language led by Mozilla. The design criteria are "safety, concurrency, and practicality" and supports functional, concurrent, procedural, and object-oriented programming styles.
The most prominent advantage of the Rust language is that it can provide memory safety guarantees without additional performance loss. In the development process of traditional system-level programming languages (C/C++), crashes or bugs caused by various memory errors often occur, such as null pointers, wild pointers, memory leaks, memory out-of-bounds, segfaults, data races, and iterations. Device failure, etc.
Memory problems are a major hidden danger affecting program stability and security, and are a major factor affecting development efficiency. The two major technology giants Google and Microsoft have stated that 70% of program security issues in their important products are caused by memory issues, and both giants are considering using the Rust language to solve memory safety issues.
In addition, Rust also has excellent cross-platform capabilities, supports cross-compilation, and is also friendly to embedded environments.
However, the Rust language also has some tricky shortcomings.
First of all, due to some special syntax in Rust, it is slightly difficult for beginners to get started, such as "lifetime". In comparison, languages such as Python and Java are simpler and easier to learn. But if you already know the C language, learning the Rust language is much easier because it borrows a lot of C syntax.
Secondly, the compiler checking of the Rust language is very strict, and most of the development process is spent solving compilation problems. However, once the compilation is passed, developers do not need to worry about memory safety, memory leaks and other headaches, and only need to focus on business logic.
The above is the detailed content of The White House issued a document calling on developers to abandon C and C++: Rust was 'hand-picked' for memory safety. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1657
14
1415
52
1309
25
1257
29
1231
24
How much is Bitcoin worth
Apr 28, 2025 pm 07:42 PM
Bitcoin’s price ranges from $20,000 to $30,000. 1. Bitcoin’s price has fluctuated dramatically since 2009, reaching nearly $20,000 in 2017 and nearly $60,000 in 2021. 2. Prices are affected by factors such as market demand, supply, and macroeconomic environment. 3. Get real-time prices through exchanges, mobile apps and websites. 4. Bitcoin price is highly volatile, driven by market sentiment and external factors. 5. It has a certain relationship with traditional financial markets and is affected by global stock markets, the strength of the US dollar, etc. 6. The long-term trend is bullish, but risks need to be assessed with caution.
Which of the top ten currency trading platforms in the world are among the top ten currency trading platforms in 2025
Apr 28, 2025 pm 08:12 PM
The top ten cryptocurrency exchanges in the world in 2025 include Binance, OKX, Gate.io, Coinbase, Kraken, Huobi, Bitfinex, KuCoin, Bittrex and Poloniex, all of which are known for their high trading volume and security.
Which of the top ten currency trading platforms in the world are the latest version of the top ten currency trading platforms
Apr 28, 2025 pm 08:09 PM
The top ten cryptocurrency trading platforms in the world include Binance, OKX, Gate.io, Coinbase, Kraken, Huobi Global, Bitfinex, Bittrex, KuCoin and Poloniex, all of which provide a variety of trading methods and powerful security measures.
What are the top ten virtual currency trading apps? The latest digital currency exchange rankings
Apr 28, 2025 pm 08:03 PM
The top ten digital currency exchanges such as Binance, OKX, gate.io have improved their systems, efficient diversified transactions and strict security measures.
Decryption Gate.io Strategy Upgrade: How to Redefine Crypto Asset Management in MeMebox 2.0?
Apr 28, 2025 pm 03:33 PM
MeMebox 2.0 redefines crypto asset management through innovative architecture and performance breakthroughs. 1) It solves three major pain points: asset silos, income decay and paradox of security and convenience. 2) Through intelligent asset hubs, dynamic risk management and return enhancement engines, cross-chain transfer speed, average yield rate and security incident response speed are improved. 3) Provide users with asset visualization, policy automation and governance integration, realizing user value reconstruction. 4) Through ecological collaboration and compliance innovation, the overall effectiveness of the platform has been enhanced. 5) In the future, smart contract insurance pools, forecast market integration and AI-driven asset allocation will be launched to continue to lead the development of the industry.
What are the top currency trading platforms? The top 10 latest virtual currency exchanges
Apr 28, 2025 pm 08:06 PM
Currently ranked among the top ten virtual currency exchanges: 1. Binance, 2. OKX, 3. Gate.io, 4. Coin library, 5. Siren, 6. Huobi Global Station, 7. Bybit, 8. Kucoin, 9. Bitcoin, 10. bit stamp.
Recommended reliable digital currency trading platforms. Top 10 digital currency exchanges in the world. 2025
Apr 28, 2025 pm 04:30 PM
Recommended reliable digital currency trading platforms: 1. OKX, 2. Binance, 3. Coinbase, 4. Kraken, 5. Huobi, 6. KuCoin, 7. Bitfinex, 8. Gemini, 9. Bitstamp, 10. Poloniex, these platforms are known for their security, user experience and diverse functions, suitable for users at different levels of digital currency transactions
How to use the chrono library in C?
Apr 28, 2025 pm 10:18 PM
Using the chrono library in C can allow you to control time and time intervals more accurately. Let's explore the charm of this library. C's chrono library is part of the standard library, which provides a modern way to deal with time and time intervals. For programmers who have suffered from time.h and ctime, chrono is undoubtedly a boon. It not only improves the readability and maintainability of the code, but also provides higher accuracy and flexibility. Let's start with the basics. The chrono library mainly includes the following key components: std::chrono::system_clock: represents the system clock, used to obtain the current time. std::chron
