https://www.theregister.com/2024/09/06/google_rust_c_code_language/

# # Sign in / up
The Register(r) -- Biting the hand that feeds IT
#
# #

Topics

Security

Security

All SecurityCyber-crimePatchesResearchCSO (X)
Off-Prem

Off-Prem

All Off-PremEdge + IoTChannelPaaS + IaaSSaaS (X)
On-Prem

On-Prem

All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector (X)
Software

Software

All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization (X)
Offbeat

Offbeat

All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite
NewsAbout Us (X)
Special Features

Special Features

All Special Features VMware Explore Blackhat and DEF CON Cloud
Infrastructure Month Malware Month The Reg in Space Spotlight on RSA

Vendor Voice

Vendor Voice

Vendor Voice

All Vendor Voice Amazon Web Services (AWS) New Horizon in Cloud
Computing Google Gemini Hewlett Packard Enterprise: Edge-to-Cloud
Platform Intel vPro VMware (X)
Resources

Resources

Whitepapers Webinars & Events Newsletters
[front]

Software

90 comment bubble on white

Google says replacing C/C++ in firmware with Rust is easy

90 comment bubble on white

Not so much when trying to convert coding veterans

icon Thomas Claburn
Fri 6 Sep 2024 // 21:44 UTC
#
   
  

Google recently rewrote the firmware for protected virtual machines
in its Android Virtualization Framework using the Rust programming
language and wants you to do the same, assuming you deal with
firmware.

In a write-up on Thursday, Android engineers Ivan Lozano and Dominik
Maier dig into the technical details of replacing legacy C and C++
code with Rust.

"You'll see how easy it is to boost security with drop-in Rust
replacements, and we'll even demonstrate how the Rust toolchain can
handle specialized bare-metal targets," said Lozano and Maier.

[front]

Easy is not a term commonly heard with regard to a programming
language known for its steep learning curve.

[front]
[front]

Nor is it easy to get C and C++ developers to see the world with
Rust-tinted lenses. Just last week, one of the maintainers of the
Rust for Linux project - created to work Rust code into the C-based
Linux kernel - stepped down, citing resistance from Linux kernel
developers.

"Here's the thing, you're not going to force all of us to learn
Rust," said a Linux kernel contributor during a lively discussion
earlier this year at a conference.

  * DARPA suggests turning old C code automatically into Rust - using
    AI, of course
  * LLM-driven C-to-Rust. Not just a good idea, a genie eager to
    escape
  * How to maintain code for a century: Just add Rust
  * CISA looked at C/C++ projects and found a lot of C/C++ code.
    Wanna redo any of it in Rust?

Nonetheless, Google is encouraging those who are willing to do so.
Citing the lack of high-level security mechanisms in firmware, which
is often written in memory-unsafe languages such as C or C++, Lozano
and Maier argue that Rust provides a way to avoid the memory safety
bugs like buffer overflows and use-after-free that account for the
majority of significant vulnerabilities in large codebases.

"Rust provides a memory-safe alternative to C and C++ with comparable
performance and code size," they note. "Additionally it supports
interoperability with C with no overhead."

[front]

The US government lately has been hammering on this theme, with
support from leading tech firms and non-profit initiatives to rewrite
critical open source projects and components in Rust. Witness the
Cybersecurity & Infrastructure Security Agency recommendation last
year that software vendors "make it a top-level company goal to
reduce and eventually eliminate memory safety vulnerabilities from
their product lines."

Google was already sold on the idea, having concluded that its Rust
developers are twice as productive as its C++ engineers.

"We recognize Rust's critical role in building secure and reliable
software at all levels of the stack," said Lars Bergstrom, director
of engineering for Android Programming Languages at Google and chair
of the Board of Directors of the Rust Foundation, in a statement
provided to The Register.

[front]

"At Google, we're increasing Rust's use across Android, Chromium, and
more to reduce memory safety vulnerabilities. We're dedicated to
collaborating with the Rust ecosystem to drive its adoption and
provide developers with the resources and training they need to
succeed. This work on bringing Rust to embedded and firmware
addresses another critical part of the stack." (r)

Get our Tech Resources
# Share
   
  

More about

  * Google
  * Government
  * Rust

More like these
x

More about

  * Google
  * Government
  * Rust
  * Security
  * Software

Narrower topics

  * 2FA
  * AdBlock Plus
  * Advanced persistent threat
  * Android
  * App
  * Application Delivery Controller
  * App stores
  * Audacity
  * Authentication
  * BEC
  * Black Hat
  * BSides
  * Bug Bounty
  * CHERI
  * Chrome
  * Chromium
  * CISO
  * Common Vulnerability Scoring System
  * Confluence
  * Cybercrime
  * Cybersecurity
  * Cybersecurity and Infrastructure Security Agency
  * Cybersecurity Information Sharing Act
  * Database
  * Data Breach
  * Data Protection
  * Data Theft
  * DDoS
  * DEF CON
  * Digital certificate
  * Encryption
  * Exploit
  * Federal government of the United States
  * Firewall
  * FOSDEM
  * FOSS
  * Gemini
  * Google AI
  * Google Cloud Platform
  * Google I/O
  * Google Nest
  * Government of the United Kingdom
  * Grab
  * Graphics Interchange Format
  * G Suite
  * Hacker
  * Hacking
  * Hacktivism
  * IDE
  * Identity Theft
  * Incident response
  * Infosec
  * Insider Trading
  * Jenkins
  * Kenna Security
  * Kubernetes
  * Legacy Technology
  * LibreOffice
  * Map
  * Microsoft 365
  * Microsoft Office
  * Microsoft Teams
  * Mobile Device Management
  * NCSAM
  * NCSC
  * OpenOffice
  * Palo Alto Networks
  * Password
  * Phishing
  * Pixel
  * Privacy Sandbox
  * QR code
  * Quantum key distribution
  * Ransomware
  * Remote Access Trojan
  * Retro computing
  * REvil
  * RSA Conference
  * Software bug
  * Software License
  * Spamming
  * Spyware
  * Surveillance
  * Tavis Ormandy
  * Text Editor
  * TLS
  * Trojan
  * Trusted Platform Module
  * User interface
  * Visual Studio
  * Visual Studio Code
  * Vulnerability
  * Wannacry
  * WebAssembly
  * Web Browser
  * WordPress
  * Zero trust

Broader topics

  * Alphabet
  * Programming Language
  * Search Engine
  * Sector

More about

# Share
   
  
90 comment bubble on white COMMENTS

More about

  * Google
  * Government
  * Rust

More like these
x

More about

  * Google
  * Government
  * Rust
  * Security
  * Software

Narrower topics

  * 2FA
  * AdBlock Plus
  * Advanced persistent threat
  * Android
  * App
  * Application Delivery Controller
  * App stores
  * Audacity
  * Authentication
  * BEC
  * Black Hat
  * BSides
  * Bug Bounty
  * CHERI
  * Chrome
  * Chromium
  * CISO
  * Common Vulnerability Scoring System
  * Confluence
  * Cybercrime
  * Cybersecurity
  * Cybersecurity and Infrastructure Security Agency
  * Cybersecurity Information Sharing Act
  * Database
  * Data Breach
  * Data Protection
  * Data Theft
  * DDoS
  * DEF CON
  * Digital certificate
  * Encryption
  * Exploit
  * Federal government of the United States
  * Firewall
  * FOSDEM
  * FOSS
  * Gemini
  * Google AI
  * Google Cloud Platform
  * Google I/O
  * Google Nest
  * Government of the United Kingdom
  * Grab
  * Graphics Interchange Format
  * G Suite
  * Hacker
  * Hacking
  * Hacktivism
  * IDE
  * Identity Theft
  * Incident response
  * Infosec
  * Insider Trading
  * Jenkins
  * Kenna Security
  * Kubernetes
  * Legacy Technology
  * LibreOffice
  * Map
  * Microsoft 365
  * Microsoft Office
  * Microsoft Teams
  * Mobile Device Management
  * NCSAM
  * NCSC
  * OpenOffice
  * Palo Alto Networks
  * Password
  * Phishing
  * Pixel
  * Privacy Sandbox
  * QR code
  * Quantum key distribution
  * Ransomware
  * Remote Access Trojan
  * Retro computing
  * REvil
  * RSA Conference
  * Software bug
  * Software License
  * Spamming
  * Spyware
  * Surveillance
  * Tavis Ormandy
  * Text Editor
  * TLS
  * Trojan
  * Trusted Platform Module
  * User interface
  * Visual Studio
  * Visual Studio Code
  * Vulnerability
  * Wannacry
  * WebAssembly
  * Web Browser
  * WordPress
  * Zero trust

Broader topics

  * Alphabet
  * Programming Language
  * Search Engine
  * Sector

TIP US OFF

Send us news

---------------------------------------------------------------------

Other stories you might like

 

Rust for Linux maintainer steps down in frustration with
'nontechnical nonsense'

Community seems to C Rust more as a burden than a benefit
Software2 Sep 2024 | 178
 

Defense AI models 'a risk to life' alleges spurned tech firm

In-depth Chatterbox Labs CEO claims Chief Digital and Artificial
Intelligence Office unfairly cancelled a contract then accused him of
blackmail
AI + ML6 Sep 2024 | 4
 

Rock Chrome hard enough and get paid half a million

Google revises Chrome Vulnerability Rewards Program with higher
payouts for bug hunters
Security29 Aug 2024 |
 

The ultimate dual-use tool for cybersecurity

Sword or plowshare? That depends on whether you're an attacker or a
defender
Sponsored Feature
[front]
 

Yelp accuses Google of being a local search bully in antitrust
lawsuit

Chocolate Factory claims rival is trying to revive cases it's already
lost
Legal29 Aug 2024 | 8
 

GPT apps fail to disclose data collection, study finds

Researchers say that implementing Actions omit privacy details and
expose info
AI + ML31 Aug 2024 | 3
 

Chrome dumped support for Ubuntu 18.04 - but it'll be back

Complaints about lack of notice plus an inquiry from El Reg prompt
U-turn by web giant
Applications22 Aug 2024 | 21
 

Microsoft hosts a security summit but no press, public allowed

op-ed CrowdStrike, other vendors, friendly govt reps...but not anyone
who would tell you what happened
Security28 Aug 2024 | 11
 

Deadline looms: Google Workspace mandates OAuth by September 30

27 days to get your users' third-party apps on Google's sign-in
Devops3 Sep 2024 | 7
 

Digital wallets can allow purchases with stolen credit cards

Researchers find it's possible to downgrade authentication checks,
and shabby token refresh policies
Research20 Aug 2024 | 32
 

Competition watchdog accuses Google of abusing ad dominance

Provisional findings echo worries in the US and EC about the search
giant's dominance
Personal Tech6 Sep 2024 | 7
 

Despite cyberattacks, water security standards remain a pipe dream

Feature White House floats round two of regulations
Cyber-crime7 Sep 2024 | 7

The Register icon Biting the hand that feeds IT

About Us*

  * Contact us
  * Advertise with us
  * Who we are

Our Websites*

  * The Next Platform
  * DevClass
  * Blocks and Files

Your Privacy*

  * Cookies Policy
  * Privacy Policy
  * Ts & Cs
  * Do not sell my personal information

Situation Publishing

Copyright. All rights reserved (c) 1998-2024

no-js