Mark on Nostr: Long article, but worth the read. "But, the reputation that memory safety problems ...
Long article, but worth the read.
https://medium.com/@john_25313/c-isnt-a-hangover-rust-isn-t-a-hangover-cure-580c9b35b5ce

"But, the reputation that memory safety problems currently have of being plentiful and trivial for sophisticated attackers to find and exploit is wrong.
[...]
C programs generally have a small number of external dependencies, where often those dependencies are among the most used pieces of software out there [...] Most other languages are much better equipped to support programmers leveraging the work of other programmers. In some sense, that’s a good thing from a business perspective. But from a security perspective, more dependencies not only tends to increase our attack surface, but it leaves us more open to supply chain attacks.
[...]
I have personally always been far more concerned about minimizing dependencies than buffer overflows. There are straightforward approaches to minimizing memory safety problems [...] But digging into each and every dependency?
[...]
My intent here isn’t to argue for using C over Rust, it’s to show that decisions around language choice are far more complex than the sound bytes people fling around."
Published at 2024-04-24 10:44:04

Event JSON
{
  "id": "35f955f899b73ede0dcb8b1353b63cbe70b169af81ea3ba45462756e9a553ed7",
  "pubkey": "4bc6e43c4a86c764208104fc8c2e18cb38a50b4bbe2eaac63aa196f588e97178",
  "created_at": 1713955444,
  "kind": 1,
  "tags": [
    [
      "r",
      "https://medium.com/@john_25313/c-isnt-a-hangover-rust-isn-t-a-hangover-cure-580c9b35b5ce"
    ]
  ],
  "content": "Long article, but worth the read.\nhttps://medium.com/@john_25313/c-isnt-a-hangover-rust-isn-t-a-hangover-cure-580c9b35b5ce\n\n\"But, the reputation that memory safety problems currently have of being plentiful and trivial for sophisticated attackers to find and exploit is wrong.\n[...]\nC programs generally have a small number of external dependencies, where often those dependencies are among the most used pieces of software out there [...] Most other languages are much better equipped to support programmers leveraging the work of other programmers. In some sense, that’s a good thing from a business perspective. But from a security perspective, more dependencies not only tends to increase our attack surface, but it leaves us more open to supply chain attacks.\n[...]\nI have personally always been far more concerned about minimizing dependencies than buffer overflows. There are straightforward approaches to minimizing memory safety problems [...] But digging into each and every dependency?\n[...]\nMy intent here isn’t to argue for using C over Rust, it’s to show that decisions around language choice are far more complex than the sound bytes people fling around.\"",
  "sig": "c886f8a0c58ae0de4b8667f44e052cba17860f8670b3abd5001ec3a368031616ac6974b91765129205fd87712a2d0f773ef33d6d4473378d1e5343bfa4d42985"
}