Microsoft is exploring the use of the Rust programming language as an alternative to C, C and other languages to improve the security of applications.
Since 2004, Microsoft Security Response Center (MSRC) has classified all reported Microsoft security vulnerabilities. According to their data, about 70% of all Microsoft's annual patches are for memory security vulnerabilities.
About 70% of Microsoft's vulnerabilities per year remain memory security issues.
This high percentage is due to the fact that Windows and most other Microsoft products are mainly written in C and C, both of which are written in C and C.
Thus, exploring memory-safe languages such as Rust is on the agenda, which may become an alternative to creating safer Microsoft applications.
Rust was originally a Mozilla research project to rewrite Firefox browsers more securely and quickly. Recently, Brave browsers replaced advertising interception components originally written in C with the Rust version. StackOverflow in 2019Developer SurveyIt shows that Rust has been reinstated for the fourth year in a row.
Gavin Thomas, MSRC's chief security engineering manager, suggested that third-party developers should also study memory security languages, listing reasons such as how developers spend time and effort learning how to debug memory-related security vulnerabilities in C applications. But this is obviously inappropriate,
To that end, he called for:
MSRC official blog original:Https://msrc-blog.microsoft.com/2019/07/16/a-proactive-approach-to-more-secure-code/