Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Sunday December 04 2022, @05:17AM   Printer-friendly
from the rust-never-sleeps dept.

Google: After using Rust, we slashed Android memory safety vulnerabilities:

Google's decision to use Rust for new code in Android in order to reduce memory-related flaws appears to be paying off. Memory safety vulnerabilities in Android have been more than halved -- a milestone that coincides with Google's switch from C and C++ to the memory-safe programming language, Rust.

This is the first year that memory safety vulnerabilities are not the biggest category of security flaws, and comes a year after Google made Rust the default for new code in the Android Open Source Project (AOSP).

Other memory-safe languages Google has used for Android include Java and Java-compatible Kotlin. C and C++ are still dominant languages in AOSP, but Android 13 is the first version where most of the new code is from memory-safe languages. After Google adopted it for AOSP in April 2021, Rust now accounts for about 21% of new code. The Linux kernel project this year adopted Rust as the new official second language to C.

Android version 10 from 2019 had 223 memory safety bugs, while Android 13 has 85 known memory safety issues.

Over that period, memory safety vulnerabilities have dropped from 76% down to 35% of Android's total vulnerabilities, notes Android security software engineer Jeffrey Vander Stoep. With this drop in memory safety vulnerabilities, Google is also seeing a decline in critical and remotely exploitable flaws.

Vander Stoep notes that this change was not driven by "heroics" — just developers using the best tools for the job. The Android team plans to step up usage of Rust, although there are no plans to get rid of C and C++ for its systems programming.

"If I had to identify a single characteristic that makes this possible, I would say 'humility'. There's a willingness within all levels of the Android team to say 'How can we do better?' along with the fortitude to follow through and make changes, including systemic changes," he noted in a tweet.

"Humility needs to go both ways though. Rust doesn't solve all problems, and there are areas where C/C++ will continue to be the most practical option for development, at least for a while. That's OK."


Original Submission

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.