Robin Rowe, a former computer science professor, has announced TrapC, a memory-safe fork of the C programming language, aimed at eliminating memory safety bugs like segfaults and buffer overruns. TrapC maintains compatibility with C's application binary interface (ABI) and is designed to be safer and easier to learn than Rust. The TrapC compiler is expected to be released as open source in 2025, with Rowe's startup, Trasec, supporting its development. This initiative addresses the national security concern over memory safety vulnerabilities in C and C++.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are urging software developers to transition from memory-unsafe languages like C and C++ to safer alternatives such as Rust, Java, and Python, due to the high risk of security vulnerabilities. Despite the push, the transition is challenging due to the complexity of converting existing codebases, potential performance slowdowns, and the cost of new tools. While CISA emphasizes the long-term security benefits, the shift is expected to be slow, with significant changes unlikely before the 2030s.
The US Cybersecurity and Infrastructure Agency (CISA) is urging business and technical leaders to prioritize memory safety in software development, as memory safety errors often lead to significant damage. CISA, along with other cyber security authorities, is calling on software manufacturers to implement memory safe languages (MSLs) and create memory safe roadmaps to eliminate vulnerabilities. The move comes after a year of criticism towards C/C++ and praise for memory safe languages like Rust. Microsoft has committed $10 million to Rust tooling, and CISA advises organizations to move away from C/C++ due to the prevalence of memory safety vulnerabilities, even with training. CISA suggests using languages like C#, Go, Java, Python, Rust, and Swift for memory safe code.
Two core Unix-like utilities, sudo and su, are being rewritten in Rust by a joint team from Ferrous Systems and Tweede Golf, with support from Amazon Web Services, as part of a wider effort to replace critical but aging infrastructure pieces with memory-safe counterparts. The team believes that sudo, which was first developed in the 1980s and is written in C, has experienced many vulnerabilities related to memory safety issues. The project's work plan and milestones are posted, and you can track the work on GitHub.
Microsoft is rewriting core Windows libraries in Rust programming language to catch and squash memory safety bugs before the code lands in the hands of users. Rust is focused on memory safety and similar protections, which reduces the number of bad bugs in the resulting code. Rust is already being used by Google and Microsoft is planning to have Windows booting with Rust in the kernel in the next several weeks or months.
Microsoft is rewriting core Windows libraries in Rust programming language to catch and squash memory safety bugs before the code lands in the hands of users. Rust is focused on memory safety and similar protections, which cuts down on the number of bad bugs in the resulting code. The Rust renovation of Windows began in 2020 with DWriteCore, and now the latest version of Windows 11 boots with the Rust version. Microsoft's adoration of Rust does have limits, but even qualified support from Microsoft is making Rust more capable through code contributions, and that benefits the entire open source community.
