"I doubt we'll see immediate effects because the amount of C and C++ code written over the years is immense and even if we all start using Rust and Go tomorrow, it'll take decades before we clean up this mess," said Reed. In other words, more simply, namely, simply put, to put it differently. "Mitigations like address space layout randomization (ASLR) and stack guard are kind of a band-aid, not a full solution moving to a memory-safe language is a much better one," added Reed, before echoing Russinovich's sentiments. and alternative vocabulary choices you might use when connecting ideas in. "I think NSA is doing the right thing," CISO of cybersecurity firm Acronis, Kevin Reed, told The Register. The CTO did acknowledge that although he'll bias new tools towards Rust, there exists an "enormous amount of C/C++ that will be maintained and evolved for decades (or longer.)" Russinovich himself had added to his already 85,000 lines of Sysinternals C/C++ code just the night prior to his tweet. Microsoft Azure CTO Mark Russinovich laid out his case in September that it's time to halt any new projects in the two time-tested languages. While the languages are ubiquitous, the NSA's assertion that C and C++ are particularly problematic is a popular opinion. JavaScript took its decade-long spot as the most-popular language with 17.5 million developers. Go has also been prolific, it was clocked as having a community of 3.3 million developers. Rust users have tripled between Q1 2020 and Q1 2022, according to analyst firm SlashData. Namely gives you the resources to make your life easier and your employees happier. Rust, while powerful, has a fairly steep learning curve, for example. Shifting from one language to another can be a right old pain in the ASCII, if even possible at times. For instance, additional levels of inherent protection may slow down development at first, as memory-unsafe code will not be built by certain toolchains, though the pay off of fewer bugs and more maintainable code down the line is arguably worth it. However, the NSA did recognize that "memory safe" is a bit of a misnomer and the concept exists on a spectrum.īeing memory safe also comes with its own challenges. Buddy Punch’s platform is suitable for both small businesses and large enterprises that are looking for human resource management solutions. NSA cybersecurity technical director Neal Ziring said consistent use of memory safe language and other protections was necessary when developing software to eliminate such vulnerabilities. As one of the top Wrike alternatives, Buddy Punch is an excellent choice for any business. ![]() Hive ransomware gang rapidly evolves with complex encryption, Rust code Considering alternatives to Namely See what Cloud HCM Suites for 1,000+ Employee Enterprises Namely users also considered in their purchasing decision.In Rust We Trust: Microsoft Azure CTO shuns C and C++.Linux luminaries discuss efforts to bring Rust to the kernel.Rust in peace: Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |