Microsoft plans to explore using the Rust programming language as an alternative to C, C++, and others, as a way to improve the security posture of its and everyone else's apps.

The announcement was made yesterday by Gavin Thomas, Principal Security Engineering Manager for the Microsoft Security Response Center (MSRC).

"You're probably used to thinking about the Microsoft Security Response Center as a group that responds to incidents and vulnerabilities," Thomas said. "We are a response organization, but we also have a proactive role, and in a new blog series we will highlight Microsoft's exploration of safer system programming languages, starting with Rust."

The end game is to find a way to move developers from the aging C and C++ programming language to so-called "memory-safe languages."

Memory-safe languages, such as Rust, are designed from the ground up with protections against memory corruption vulnerabilities, such as buffer overflows, race conditions, memory leaks, use-after free and memory pointer-related bugs.

C#, a programming language developed by Microsoft, also features some memory access improvements but is not as advanced as Rust.

70% of all Microsoft patches are for memory-related bugs

In research presented earlier this year at the BlueHat Israel security conference, Microsoft security engineer Matt Miller said that over the last 12 years, around 70% of all Microsoft's yearly patches were fixes for memory safety bugs.

Image: Matt Miller

The reason for this high percentage is because Windows and most other Microsoft products have been written mostly in C and C++, two "memory-unsafe" programming languages that allow developers fine-grained control of the memory addresses and where code can be executed.

One slip-up in the developers' code that manages memory execution can lead to a slew of memory safety errors that attackers can exploit with dangerous and intrusive consequences -- such as remote code execution or elevation of privilege flaws.

Exploring the use of a memory-safe language such as Rust would provide an alternative to creating safer Microsoft apps.

But Thomas also argues that third-party developers should also be looking into memory-safe languages as well. He cites reasons such as the time and effort developers put into learning how to debug the memory-related security flaws that crop up in their C++ apps.

"A developer's core job is not to worry about security but to do feature work," Thomas said. "Rather than investing in more and more tools and training and vulnerability fixes, what about a development language where they can't introduce memory safety issues into their feature work in the first place? That would help both the feature developers and the security engineers-and the customers."

Microsoft explored memory-safe programming before

Microsoft looking into Rust, as a safer alternative to C++ isn't actually such a big deal.

The OS maker has been looking for safer C and C++ alternatives for years. In June 2016, Microsoft open-sourced "Checked C," an extension to the C programming language that brought new features to address a series of security-related issues.

Microsoft looking into Rust before any other memory-safe language is also not a bad decision. Besides being superior to C# in regards to better memory protections, Rust is also more popular with developers these days and might be easier to recruit for.

Rust -- a hit with the developer community already



The language is today's "most loved" programming language, according to the 2019 StackOverflow survey, the biggest developer survey on the internet.

Developers love it because of its simpler syntax and the fact that apps coded in Rust don't yield the same amount of bugs, allowing developers to focus on expanding their apps, instead of doing constant maintenance work.

On the other hand, StackOverflow survey respondents ranked C as the fourth most hated programming language, with C++ ranking ninth.

Rust, which started as a research project at Mozilla for developing a safer and faster programming language to rewrite the Firefox browser, is also gaining in popularity after organizations started deploying it in the wild.

While initially, most developers dismissed it as a theoretical project, nowadays Rust is proving its mettle.

It's been deployed in Firefox since July 2016, and most recently, the Brave browser also replaced its ad-blocking component -- originally coded in C++ -- with a Rust version. Cloudflare and Dropbox are also two other major tech players who are now running Rust in production systems.

Related cybersecurity coverage: