|
|
Subscribe / Log in / New account

Memory Safe Languages in Android 13 (Google security blog)

Memory Safe Languages in Android 13 (Google security blog)

Posted Dec 16, 2022 3:31 UTC (Fri) by njs (subscriber, #40338)
In reply to: Memory Safe Languages in Android 13 (Google security blog) by pawel44
Parent article: Memory Safe Languages in Android 13 (Google security blog)

> I believe factors such as developer experience and proper quality control are even more important than the language used. With memory safety languages, it may be easy for some to write a 'secure' application (or any other), but not so reliable.

Of course you can believe what you like, but the facts we have in front of us in this article are:

- Google made absolutely massive investments in C/C++ quality – sanitizers, fuzzing, language extensions, the MiraclePtr effort, ... – and they still shipped apps with lots of security (and other) bugs. All that stuff has benefits for sure, but none of it moved the needle on these metrics

- They started intentionally using Rust/Kotlin/etc in places where they had previously used C/C++, and this *did* reduce security (and presumably other) bugs.

At this point, arguments that C/C++ are fine if you're just careful/skilled enough are like believing that bad things never happen to good people. People only believe it because it makes them feel good, and let their emotions override objective data or rational judgement.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds