Trust in Rust

Software drives our era

As we are in a digital age, software and data emerge as the driving force that propels us forward. Software development has become an essential discipline in our technology-driven world.

It encompasses the process of designing, coding, testing, and deploying software applications that address a wide range of needs and challenges. Within the realm of software development, a plethora of programming languages exist as powerful tools, each with its own unique features, syntax, and purposes.

From the flexibility of Python to the performance of C++, and from the web-centric nature of JavaScript, the choice of programming language plays a pivotal role in shaping the resulting software.

Secure Programming

With software and data at the center of our personal and business environments, security has become paramount. Unfortunately, programmers, and many software development environments, do not always follow best practices for memory safety and management, or do thorough checks on string handling.

Without getting too much into the detail, being complacent with such programming fundamentals, results in software that is prone to vulnerabilities such as buffer overflows, which lead to software crashes, or enable attackers to extract data or execute arbitrary code.

Introducing Rust

To combat this, the Rust programming language has emerged as a robust solution, offering enhanced security by preventing many vulnerabilities that often go undetected in other programming languages.

Rust's unique design choices and safety features make it a reliable choice for secure software development. Rust was developed by Mozilla with the explicit goal of preventing common software vulnerabilities. Its core philosophy revolves around memory safety, concurrent programming, and zero-cost abstractions.

By combining these elements, Rust empowers developers to write code that is both efficient and secure.

Also read: Secure by design: Rust and Runtime Encryption

The cost of prevention

While Rust's emphasis on safety and security brings numerous benefits, it's important to acknowledge that writing secure code in Rust requires more upfront effort than other languages.

The compiler's strict rules enforcement might lead to initial frustration for developers accustomed to languages with looser safety guarantees. However, this trade-off is well worth it when considering the long-term benefits of enhanced security and the prevention of vulnerabilities.

Fortanix’s Rust adoption

When Fortanix was set up to build a security platform, they identified Rust as an important building block. Fortanix software architects immediately recognized the advantages of using the Rust programming language and used it to build the Data Security Manager platform as early as the 1.0 release of Rust.

Along with the Confidential Computing foundation, the Fortanix platform is purpose-built for security. Check out this video where Dr. Jethro Beekman, CISO at Fortanix shares his take on Rust.

The future of Rust

Rust is gaining serious traction in the tech industry. Organizations like Microsoft and Google are adopting memory-safe languages rapidly. Google made Rust the default for new code in the Android Open-Source Project (AOSP), and it now accounts for over 21% of the code.

The Linux kernel also recently included support for Rust. It is clear that over time, Rust will gain traction as vendors become more security aware.