“There remains a huge amount of work we need to do on legal, security and compliance issues” she noted in that blog and in conversation with The Stack adds: “Rust was spun out of Mozilla which wasn’t really planning on stewarding it in the long term. In a blog earlier this year she spelled out quite how much recent work this has entailed, from ensuring Rust is trademarked outside of the US through to the legal, financial and administrative work to create, administer and organise programmes of support for the community funded by the Rust Foundation’s sponsors. She was appointed in November 2021 and describes her job to The Stack as to “build a team that can do, quite frankly, all the boring stuff, all of the legal, accounting, finance, trademarking, licencing, things that people do not want to volunteer their Sunday afternoon for, and to provide as much infrastructure and support as possible so that can worrying too much about project management.” A non-profit with a team of four, it is led by CEO Dr Rebecca Rumbul, an experienced NGO director who has also served as a council member at the Advertising Standards Authority, as a Trustee at the Hansard Society and as the UK representative claimant at the Privacy Collective. The Rust Foundation itself is far from large. (Rust has had 6621 individuals contributors in total with ~300 people on average contributing to most recent releases.) It only gained a discrete formal organisation to own its governance in 2020 with the establishment of the Rust Foundation – a move that came in the wake of sweeping job cuts at primary sponsor the Mozilla Foundation that had raised serious concerns among many in the community about Rust’s future – and the language’s success has also put a spotlight on the challenges of supporting an often stretched community of maintainers. Rust, born in 2006 as a personal side project of Graydon Hoare at Mozilla and run as an open source project with an autonomous collective of maintainers largely working as volunteers, has operated autonomously since the launch of Rust 1.0 in 2015 - a release that had 53 contributors, dominated by the efforts of Brian Anderson and Patrick Walton alongside Hoare (who explained his decision to step away from what had amounted to a technical lead role at Rust in 2013 here.) With great popularity, comes great responsibility… Rust, crudely, is not prone to these issues and "has formed a very strong community of developers who care about performance, memory safety, and security" as SlashData's May survey of 20,000 developers put it. Two-thirds of Linux kernel vulnerabilities come from memory safety issues the list goes on.
About 70% of all CVEs at Microsoft are memory safety issues. It is not hard to find further examples of this. Memory safety issues cause bad cybersecurity. Analysis last month by Google's Project Zero threat hunting team found that 67% of the 58 zero days it spotted being exploited in the wild in 2021 were memory corruption vulnerabilities.
#Rust programming language popularity code#
This is not some esoteric concern of developers keen to write clean code for the sake of aesthetics. Those interested in more detail can explore how Rust ensures memory safety and handles concurrent programming, where different parts of a programme execute independently, in " The Rust Programming Language"). (In Rust, the compiler plays a gatekeeper role by refusing to compile code with such bugs, including concurrency bugs. Rust, by contrast, handles memory management and other security-sensitive tasks safely by default. Languages, like C and C++ - born in 19 respectively - are ubiquitous as the building blocks of much modern software, but also prone to memory safety issues that cause severe security vulnerabilities downstream.
Enterprise uptake is also growing: Rust is used in production by Canonical, Chef, Cloudflare, Deliveroo and many others - plumbing just the shallow end of the alphabet.
#Rust programming language popularity software#
With an open source software security plan presented to the White House in May and backed by some of industry's leading CISOs explicitly urging industry to begin moving from C and C++ to memory-safe languages like Rust, the wind is clearly in the "Rustacean" community’s sails. The number of developers using the Rust programming language has tripled in 24 months to 2.2 million.
0 kommentar(er)
