I support the push towards memory safe languages, but emphasizing Rust in the way this paper does seems misguided. It creates a false dichotomy between C-style languages without safety guarantees and Rust, as though there are no other alternatives. There are other approaches and models that can also achieve bare metal performance for many problems without taking on all of the complexity of Rust. Moreover, we will never settle on one language to rule them all (and if we do, I am 100% sure it will not be Rust), so we should be emphasizing approaches to mitigating vulnerabilities rather than prescribing a particular tool.
I wonder if you have any experience or opinions about dealing with the Rust Foundation itself. My personal observation from small talks with them is that Rust's decentralized communities are the driving force.
The author does not seem to have written much code.
Also, trying to get government funding for a particular language seems like lobbying to me.
In its own words, this paper calls for:
- an addition to the critical infrastructure information technology sector,
- a cloud computing tax to fund critical U.S. cyber defense,
- U.S.-sponsored governance for emerging cybersecurity solutions like Rust, and
- a U.S.-sponsored open source library verification service.
Some relevant quotes:
- Cloud sales tax:
-- "A cloud computing tax is long overdue, and it must be collected to secure the software supply chain for American consumers."
-- "A cloud sales tax would put the cost of securing open source for U.S. economic stability on the companies that have profited the most from open source software—its biggest consumers. The Open Source Trust can offer financial support to open source communities, allow for more free-flowing exploration of our technology frontier, and close a gaping hole in America’s economic stability."
- "A public-private partnership effort to build an actionable cookbook for memory-safety migration would be a better first step than urging technology manufacturers to use the one available today." ... "CISA should partner with early Rust adopters to identify their insights, costs, and wins and visibly incorporate that data into the roadmap guidance." ... "CISA should lead an initiative to create this cookbook for memory-safety migration starting with Rust, where there is little institutional knowledge available today, and this work should be funded by the Open Source Trust."
- Because Rust's memory safety and analysis tools are limited, and because engineers "need education and tools to know when to use [unsafe Rust] and how to mitigate the risks 'unsafe Rust' introduces," CISA SEI should "receive Open Source Trust funding to continue their research and development and (a) reduce the limitations of the Rust compiler, (b) audit the Rust compiler’s correctness in assessing the memory safety of Rust code, and (c) develop both static and dynamic analysis tools for safe and unsafe Rust."
- Also, CISA should "receive additional Open Source Trust funding to support rapid, in-depth development of standards across package repositories, compilers, and build tools" to mitigate the security problems that come from one person controlling a crate that thousands depend on.
This isn't that important, but it's interesting, because I have often heard complaints here that Rust is hard to read.
"Rust is also the easiest programming language to sight-read. Engineers reading new code are like musicians reading unfamiliar sheet music. There are always recognizable elements, but the theme, pace, and key may be outside of the player's experience. In software, those unfamiliar elements can take a developer through a complicated maze of dependencies and logic trees, and Rust makes the trail of logic in a program easier to follow. Researchers have concluded that Rust has a significantly lower cognitive complexity than C, C++, Python, JavaScript, and TypeScript (all languages studied), "meaning that [Rust] can guarantee the highest understandability of source code compared to all others." As a result, software maintainers can understand unfamiliar Rust code far more quickly than code written in many other popular languages."
They cite this study: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7959618/
Is there currently public funding for any other programming languages?
What I really, really need from Rust maintainers is a #[forbid(panic)] sometime in the next releases.
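Added example, not part of the thread or of any paper under discussion: the closest approximation to a "no panics" policy available with today's tooling. clippy's restriction lints (`clippy::panic`, `clippy::unwrap_used`, `clippy::indexing_slicing`, and friends, all real lints) flag the usual panic sources when the crate is checked with `cargo clippy`; plain `rustc` accepts the `clippy::*` attributes and ignores them. The `no_panic` module is written so it passes those lints by returning `Result` and avoiding slice indexing; `parse_listener_naive` (a constructed "before" version, kept outside the module) shows the shape the lints are meant to catch. The `host:port` format and the `Listener`/`ParseError` names are assumptions made for this illustration.

```rust
/// Lint configuration that approximates "forbid panics" for this module.
/// These are clippy restriction lints; rustc alone accepts and ignores them,
/// `cargo clippy` enforces them. (Added example, not from the thread.)
#[deny(
    clippy::panic,
    clippy::unwrap_used,
    clippy::expect_used,
    clippy::unreachable,
    clippy::todo,
    clippy::unimplemented,
    clippy::indexing_slicing,
    clippy::arithmetic_side_effects
)]
pub mod no_panic {
    /// Assumed target type for the example: a "host:port" listener address.
    #[derive(Debug, PartialEq)]
    pub struct Listener {
        pub host: String,
        pub port: u16,
    }

    /// Every failure the parser can hit is an explicit variant, so callers
    /// decide what to do instead of the process aborting.
    #[derive(Debug, PartialEq)]
    pub enum ParseError {
        MissingSeparator,
        EmptyHost,
        BadPort,
    }

    /// Parses "host:port" without any panicking operation: no indexing,
    /// no unwrap/expect, every fallible step is turned into a `Result`.
    /// `rsplit_once` is used so bracketed IPv6 hosts such as "[::1]:443"
    /// split at the last colon.
    pub fn parse_listener(s: &str) -> Result<Listener, ParseError> {
        let (host, port) = s.rsplit_once(':').ok_or(ParseError::MissingSeparator)?;
        if host.is_empty() {
            return Err(ParseError::EmptyHost);
        }
        // `parse::<u16>` rejects non-numeric input and values above 65535.
        let port: u16 = port.parse().map_err(|_| ParseError::BadPort)?;
        Ok(Listener {
            host: host.to_string(),
            port,
        })
    }

    /// Parses a comma-separated list, propagating the first error with `?`
    /// rather than panicking partway through.
    pub fn parse_listener_list(s: &str) -> Result<Vec<Listener>, ParseError> {
        s.split(',').map(|item| parse_listener(item.trim())).collect()
    }
}

/// Constructed "before" version for contrast. It is deliberately kept outside
/// the linted module: `parts[1]` panics on input without a colon, and
/// `unwrap()` panics on a non-numeric or out-of-range port. Under `cargo clippy`
/// the attributes above would reject both lines inside `no_panic`.
pub fn parse_listener_naive(s: &str) -> (String, u16) {
    let parts: Vec<&str> = s.split(':').collect();
    (parts[0].to_string(), parts[1].parse().unwrap())
}

fn main() {
    // Constructed sample inputs: one good, one hostile.
    for input in ["127.0.0.1:8443", "[::1]:443", "nocolon", "host:70000"] {
        match no_panic::parse_listener(input) {
            Ok(l) => println!("{input:?} -> {}:{}", l.host, l.port),
            Err(e) => println!("{input:?} -> error {e:?}"),
        }
    }
}
```

The lints do not make panics impossible (a dependency can still panic, and `arithmetic_side_effects` only covers overflow in the linted code), but denying them at module or crate level and routing every fallible step through `Result` is the practical substitute for a language-level forbid today.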