Bill Buchanan - Doh! Rust Takes Years To Learn!

ASecuritySite Podcast - A podcast by Professor Bill Buchanan OBE

Categorie:

The worm is turning! C and C++ have ruled the core of our digital world for a long time and still do. But, they do not handle memory well, where we get buffer overflows (Morris Worm, SQL Slammer, and so many more) or buffer underflows (Heartbleed). This can involve a stack overflow attack, and where the program writes too much data to the stack that has been allocated for a given buffer, and for a heap overflow attack, where we overrun the memory into a space that is not allocated for a buffer. These problems often allow adversaries to write data into places that it was not intended for or can cause an exception in the handling of the code (and thus cause a problem to act unreliable). A typical area is to overwrite memory that is allocated for other purposes and then cause a Denial of Service (DoS) against the code — and where it just stops working. Along with this, developers often do not clean up their variables, so a garbage collector must come in and free up memory that is not being used anymore. But, Rust just doesn’t allow you to do these things. It has strict checks on the usage of variables at compile time, and if you do something bad with them, it will tell you and refuse to compile the code. In 2015, Rust was born, and in eight short years, many of the major software companies have adopted it as the core of their systems. Google was one of the early adopters but is now joined by Microsoft, who are developing their core code with Rust. But, there are many questions … how long will it take to learn the language and will it make developers more productive? The following relates to research conducted in Google which answers these questions [here]. For this, Google did a survey of 1,000 of their developers. Some Rust and Cryptography is [here].

Visit the podcast's native language site