Mark on Nostr: Long article, but worth the read. ...
Long article, but worth the read.
https://medium.com/@john_25313/c-isnt-a-hangover-rust-isn-t-a-hangover-cure-580c9b35b5ce
"But, the reputation that memory safety problems currently have of being plentiful and trivial for sophisticated attackers to find and exploit is wrong.
[...]
C programs generally have a small number of external dependencies, where often those dependencies are among the most used pieces of software out there [...] Most other languages are much better equipped to support programmers leveraging the work of other programmers. In some sense, that’s a good thing from a business perspective. But from a security perspective, more dependencies not only tends to increase our attack surface, but it leaves us more open to supply chain attacks.
[...]
I have personally always been far more concerned about minimizing dependencies than buffer overflows. There are straightforward approaches to minimizing memory safety problems [...] But digging into each and every dependency?
[...]
My intent here isn’t to argue for using C over Rust, it’s to show that decisions around language choice are far more complex than the sound bytes people fling around."
https://medium.com/@john_25313/c-isnt-a-hangover-rust-isn-t-a-hangover-cure-580c9b35b5ce
"But, the reputation that memory safety problems currently have of being plentiful and trivial for sophisticated attackers to find and exploit is wrong.
[...]
C programs generally have a small number of external dependencies, where often those dependencies are among the most used pieces of software out there [...] Most other languages are much better equipped to support programmers leveraging the work of other programmers. In some sense, that’s a good thing from a business perspective. But from a security perspective, more dependencies not only tends to increase our attack surface, but it leaves us more open to supply chain attacks.
[...]
I have personally always been far more concerned about minimizing dependencies than buffer overflows. There are straightforward approaches to minimizing memory safety problems [...] But digging into each and every dependency?
[...]
My intent here isn’t to argue for using C over Rust, it’s to show that decisions around language choice are far more complex than the sound bytes people fling around."