The White House issued a document calling on developers to abandon C and C++: Rust was 'hand-picked' for memory safety

Recently, the White House Office of the National Cyber Director (ONCD) made an important point in a 19-page report: developers should use memory-safe programming languages, such as the Rust language. The report points out that choosing a memory-safe programming language is a key way to ensure that software is developed in a secure-by-design manner.

ONCD also pointed out that the recommendations in the report were developed in collaboration with technology companies, academia and other institutions, and have the support of a number of well-known technology companies, including HP, Accenture and Palantir.

Report address: https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf

In fact, this is not the first time that an official US agency has called for the abandonment of C and C++.

Last December, the U.S. Cybersecurity and Infrastructure Agency (CISA), together with other agencies, released a "Memory Security Roadmap Guidance" document, identifying C and C++ as memory-unsafe programming languages and emphasizing that software developers should adopt memory-safe programming languages such as Rust and Java. The purpose of this guide is to increase awareness of memory safety issues in software development and encourage the adoption of more reliable programming languages to reduce potential security vulnerabilities. CISA specifically emphasizes the importance of adopting memory-safe programming languages, as this helps reduce the risk of malicious attacks and data leaks. This move is also meant to push the software development industry in a more secure and reliable direction.

Source: https://www.cisa.gov/sites/default/files/2023-12/The-Case-for-Memory-Safe-Roadmaps-508c.pdf

Abandon C and C++, turn to Rust, just for memory safety

It is important to emphasize the use of memory-safe programming languages because memory safety prevents problems such as buffer overflows and dangling pointers, which can lead to bugs and vulnerabilities. Therefore, it is crucial to understand the concept of memory safety.

How harmful is memory insecurity? In 2019, Microsoft security engineers reported that approximately 70% of security issues were caused by memory safety issues. In 2020, Google reported similar data for bugs discovered in the Chromium browser.

For programming languages, both C and C++ allow arbitrary pointer arithmetic using direct memory addresses without bounds checking. The report states that experts have identified some programming languages, represented by C and C++, that both lack memory safety-related features and are highly pervasive in some critical systems. Therefore, C and C++ are considered "unsafe" programming languages.
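The bounds-checking point above, shown as an added example that is not part of the original article or the ONCD report: a Rust parser for a hypothetical length-prefixed record format (the format and the names `read_record`, `read_all` and `ParseError` are assumptions). Where unchecked C pointer arithmetic would read past the buffer when the declared length is larger than the data, the Rust slice lookup returns an error instead.

```rust
// Added example. Assumed record layout: [1-byte declared length][payload...].

#[derive(Debug, PartialEq)]
enum ParseError {
    Empty,
    Truncated { declared: usize, available: usize },
}

/// Return the payload of one length-prefixed record.
/// The declared length comes from the input and is never trusted: the slice
/// is obtained with `get`, which yields None instead of reading past the end.
fn read_record(buf: &[u8]) -> Result<&[u8], ParseError> {
    let (&len, rest) = buf.split_first().ok_or(ParseError::Empty)?;
    let declared = len as usize;
    rest.get(..declared).ok_or(ParseError::Truncated {
        declared,
        available: rest.len(),
    })
}

/// Walk a buffer of back-to-back records, stopping at the first bad one.
fn read_all(mut buf: &[u8]) -> Result<Vec<&[u8]>, ParseError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let payload = read_record(buf)?;
        out.push(payload);
        // Safe to index: read_record proved 1 + payload.len() <= buf.len().
        buf = &buf[1 + payload.len()..];
    }
    Ok(out)
}

fn main() {
    // Constructed sample input: two honest records, then one that declares
    // 200 bytes of payload while only 2 bytes follow.
    let honest = [2, b'h', b'i', 3, b'a', b'b', b'c'];
    let lying = [200, b'h', b'i'];

    println!("{:?}", read_all(&honest));
    println!("{:?}", read_record(&lying));
}
```

Plain indexing (`rest[..declared]`) is also bounds-checked and would panic rather than read adjacent memory; `get` is used here so the caller receives an error value it can handle.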

In contrast to C and C++, Rust is considered a classic example of a memory-safe programming language. Rust is a systems programming language focused on safety, especially concurrency safety. It is a multi-paradigm language that supports functional, imperative and generic programming, and deep learning frameworks such as TensorFlow also use it as an excellent front-end language.

In the 2021 annual developer survey report of the programmer question and answer website Stack Overflow, the Rust language became the most popular programming language among developers. One of the reasons Rust is popular in the systems programming world is that it can help eliminate memory-related security vulnerabilities.

Rust’s memory safety features have long been verified by the industry. In April 2021, Google announced that Android would add support for the Rust language. The reason is that memory safety bugs in C and C++ are the most difficult sources of bugs to solve, and Google has invested a lot of effort and resources to detect, fix and mitigate such bugs, and effectively prevent a large number of bugs from entering Android versions.

However, despite these efforts, memory safety bugs remain the primary cause of stability issues, chronically accounting for approximately 70% of Android's critical security vulnerabilities. Therefore, Google added a 3rd option, Rust, for operating system developers.

Dan Grossman, professor of computer science at the University of Washington, said that for decades, everyone has understood the dangers of C and C++, and now it is finally a good time to promote memory-safe programming languages. After all, there are now practical and mature alternatives.

He also believes that getting rid of C and C++ will not be accomplished overnight, especially in embedded systems. However, this process is expected to accelerate as other programming languages such as Rust become more widely used in systems software.

Many people, however, do not seem to buy the official attitude towards C and C++.

Some people think that modern C++ is memory safe, and that all operating systems are programmed in C or C++. Others believe that even though C is not memory safe, modern C++ has more "guardrails", and that these come at low or even zero cost.

As for Rust, which has been "hand-picked" for memory safety, some people feel that its level of support is not that high, and that it is not worthy of integration into government systems.

In addition to Rust, what other memory-safe programming languages

In November 2022, the United States National Security Agency (NSA) published a cybersecurity information sheet detailing the programming languages it considers memory safe:

  • Rust
  • Go
  • C#
  • Java
  • Swift
  • JavaScript
  • Ruby
  • Python
  • Delphi/Object Pascal
  • Ada

How popular are the above programming languages? The programming language popularity index TIOBE in February 2024 shows that in terms of programming, Python ranks first, C# ranks fifth, Java ranks fourth, JavaScript ranks sixth, Go ranks eighth, and Delphi/Object Pascal ranks 12th. Swift ranked 16th, Rust ranked 18th, and Ruby barely ranked 20th.

As you can see, most of the languages selected by the NSA are in the top 20; only Ada is not in the top 10, but there are only 5 in the top ten.

Source: https://www.tiobe.com/tiobe-index/

The report also calls for better measurement of software security. ONCD believes: Better metrics enable technology providers to better plan for, predict and mitigate vulnerabilities before they become a problem.

The report also reviews the Apollo 13 mission, which NASA classified as a "successful failure." The mission itself suffered a catastrophic failure, and the three astronauts made temporary repairs and mitigated some of the problems in order to return home safely. The report states that memory-safe code is very important to the space program: human exploration of space should use a memory-safe language, one that is as close to the kernel as possible, to avoid future accidents.

As more and more of the world becomes digital, better coding becomes increasingly important, and bad code can be used maliciously.

Rust Language

The Rust language is a general-purpose, compiled programming language led by Mozilla. Its design criteria are "safety, concurrency, and practicality", and it supports functional, concurrent, procedural, and object-oriented programming styles.

The most prominent advantage of the Rust language is that it can provide memory safety guarantees without additional performance loss. In development with traditional system-level programming languages (C/C++), crashes or bugs caused by various memory errors often occur, such as null pointers, wild pointers, memory leaks, out-of-bounds memory access, segfaults, data races, and iterator invalidation.

Memory problems are a major hidden danger affecting program stability and security, and are a major factor affecting development efficiency. The two major technology giants Google and Microsoft have stated that 70% of program security issues in their important products are caused by memory issues, and both giants are considering using the Rust language to solve memory safety issues.

In addition, Rust also has excellent cross-platform capabilities, supports cross-compilation, and is also friendly to embedded environments.

However, the Rust language also has some tricky shortcomings.

First of all, due to some special syntax in Rust, such as "lifetime", it is slightly difficult for beginners to get started. In comparison, languages such as Python and Java are simpler and easier to learn. But if you already know the C language, learning the Rust language is much easier because it borrows a lot of C syntax.

Secondly, the compiler checking of the Rust language is very strict, and most of the development process is spent solving compilation problems. However, once the compilation is passed, developers do not need to worry about memory safety, memory leaks and other headaches, and only need to focus on business logic.

Statement
This article is reproduced from 51CTO.COM. If there is any infringement, please contact admin@php.cn to have it deleted.