The majority (70%) of CVEs and vulnerabilities fixed at Microsoft are caused by memory corruption bugs in C/C++ code.
There are many tools for preventing, detecting, and fixing memory bugs.
Developers tend to miss these tools because they are not first-class citizens of the programming language and their learning curve is high.
Developers should worry more about features and less about tooling and security.
A memory-safe programming language removes the burden from developers and puts it on language designers.
Memory safety is a property of programming languages where all memory accesses are well-defined.
Most programming languages are memory-safe by using some form of garbage collection.
System programming languages cannot afford the runtime overhead of a garbage collector.
Spatial memory safety is about ensuring all memory accesses are within bounds of the type being accessed.
Temporal memory safety is about ensuring pointers still point to valid memory when dereferencing.
A data race happens when two or more threads in a process, at least one of which is a writer, concurrently access the same memory location without any mechanism for exclusive access.
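The three properties above, shown in safe Rust as an added example (not code from the original notes). The function names `read_field` and `parallel_count` and the sample bytes are this example's own constructions; the rejected snippet for temporal safety is kept as a comment because the compiler refuses to build it.

```rust
// Added example: spatial safety, temporal safety and data-race freedom in safe Rust.
use std::sync::{Arc, Mutex};
use std::thread;

/// Spatial safety: return `len` bytes at `offset`, or None if the range leaves the
/// buffer. The equivalent C read through `buf + offset` would silently touch adjacent
/// memory; `get` carries the slice length and refuses. `checked_add` also catches the
/// offset+len wrap-around that defeats a naive `offset + len <= buf.len()` check.
pub fn read_field(buf: &[u8], offset: usize, len: usize) -> Option<&[u8]> {
    let end = offset.checked_add(len)?;
    buf.get(offset..end)
}

// Temporal safety: a view into the buffer cannot outlive the buffer. The borrow
// checker rejects the following at compile time, so it is kept as a comment:
//
//     let view;
//     {
//         let buf = vec![1u8, 2, 3];
//         view = read_field(&buf, 0, 2); // error[E0597]: `buf` does not live long enough
//     }
//     println!("{:?}", view);
//
// The returned `Option<&[u8]>` is tied to the input lifetime, so a dangling read
// cannot be expressed in safe code.

/// Data-race freedom: `counter` is shared between threads only through Arc<Mutex<_>>,
/// which provides the exclusive access the definition above requires. Handing a plain
/// `&mut u64` to several `thread::spawn` closures would be rejected by the compiler.
pub fn parallel_count(chunks: Vec<Vec<u8>>, needle: u8) -> u64 {
    let counter = Arc::new(Mutex::new(0u64));
    let handles: Vec<_> = chunks
        .into_iter()
        .map(|chunk| {
            let counter = Arc::clone(&counter);
            thread::spawn(move || {
                let hits = chunk.iter().filter(|&&b| b == needle).count() as u64;
                *counter.lock().unwrap() += hits; // lock held for the update only
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    let total = *counter.lock().unwrap();
    total
}

fn main() {
    let packet = [0x10u8, 0x20, 0x30, 0x40]; // constructed sample input
    println!("{:?}", read_field(&packet, 1, 2)); // Some([32, 48])
    println!("{:?}", read_field(&packet, 3, 2)); // None: would run past the end
    println!("{:?}", read_field(&packet, usize::MAX, 1)); // None: offset+len overflows
    let chunks = vec![vec![1u8, 2, 1], vec![1, 1, 3], vec![2, 2]]; // constructed
    println!("{}", parallel_count(chunks, 1)); // 4
}
```

The out-of-bounds and overflow cases return `None` rather than reading memory they do not own, which is the spatial guarantee in practice; the temporal and data-race cases never reach runtime because the compiler rejects the unsound program.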
Rust is a memory-safe programming language for system programming and high-performance use-cases.
Rust provides strong memory safety and is completely memory safe, except for code marked with the unsafe keyword.
Rust is comparable with C/C++ in terms of performance, speed, control, and predictability.
The Rust runtime (standard library) depends on libc, but this is optional (Rust can run without an operating system).
Rust provides performance, control on memory allocation, and strong memory-safety and empowers developers to write robust and secure programs.
Some of the issues with Rust are the lack of interoperability with C/C++ and limiting the usage of the unsafe superset at scale.
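An added example (not code from the original notes) of how the two points above, C interoperability and containing unsafe, meet in practice: a Rust function with the C calling convention that takes raw pointers from a C caller. The compiler cannot prove a caller-supplied pointer valid, so the unsafe blocks are kept to the two lines that need them and are preceded by the checks the contract allows. The function names `checksum_bytes` and `checksum_slice` and the sample bytes are this example's own.

```rust
// Added example: a C-ABI entry point that contains its unsafe code behind checks.
use std::os::raw::c_int;

/// Sum `len` bytes starting at `data`, writing the result through `out`.
/// Returns 0 on success and -1 on a null pointer.
/// Contract the C caller must uphold (the compiler cannot enforce it): `data` points
/// to at least `len` readable bytes, `out` points to a writable u64, and
/// `len` does not exceed isize::MAX.
pub extern "C" fn checksum_bytes(data: *const u8, len: usize, out: *mut u64) -> c_int {
    if data.is_null() || out.is_null() {
        return -1;
    }
    // Convert the raw pointer into a length-carrying slice exactly once; everything
    // after this line is ordinary safe Rust with checked indexing.
    let bytes: &[u8] = unsafe { std::slice::from_raw_parts(data, len) };
    let sum = checksum_slice(bytes);
    // The only other unsafe operation: the write through the caller's pointer.
    unsafe { *out = sum };
    0
}

/// Safe Rust-side implementation, for callers that already hold a slice.
/// `wrapping_add` makes the arithmetic well-defined even for very long inputs.
pub fn checksum_slice(bytes: &[u8]) -> u64 {
    bytes.iter().fold(0u64, |acc, &b| acc.wrapping_add(u64::from(b)))
}

fn main() {
    let packet = [0x01u8, 0x02, 0x03, 0xff]; // constructed sample input
    let mut out = 0u64;
    let rc = checksum_bytes(packet.as_ptr(), packet.len(), &mut out);
    println!("rc={rc} sum={out}"); // rc=0 sum=261
    let rc_null = checksum_bytes(std::ptr::null(), packet.len(), &mut out);
    println!("null pointer rc={rc_null}"); // -1
}
```

Keeping the unsafe surface this small is what makes it reviewable at scale: a `#![deny(unsafe_code)]` attribute can forbid unsafe in every other module, leaving the FFI boundary as the single place where pointer validity has to be argued by hand.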