"Written in Rust" is quickly turning into the programming equivalent of a "This web site is secure" badge.
Yes, Rust can eliminate a significant portion of memory-safety related bugs. But it doesn't eliminate all bugs, or all security bugs, or all memory-safety related bugs for that matter.
We need better metrics for safety than the "Manufactured in Sweden" of programming in marketing copy. Perhaps certifications and compliance programs similar to FCC, TUV. Maybe like PCI but with an expanded scope.
It's only a matter of time before a significant memory-safety related vulnerability is found in a Rust program and everyone starts saying "see? Rust has as many safety problems as C" and uses it as an excuse not to use it, if we lean too much on the "Rust = safety" false equivalence.
We already have that. It is the Common Criteria for Information Technology Security Evaluation, ISO 15408. Most large software developers already certify products against it such as Windows [1], iOS [2], Android, Linux, etc. It is the primary certification presented in "About Security" and "Certification" pages by almost every company if they have any certifications at all.
The thing is that they all certify at the lowest possible levels which certify that the systems ensure no meaningful security because they are unable to certify the presence of any meaningful security in those products even after decades of attempts. You do not establish any audited security until you reach a level comparable to EAL5, and most companies opt for EAL1 with all of the big names maxing out at EAL4 historically. For some reason, people are happy using products that are certified to be insecure and inadequate which is why we are in this insecure hellscape.
The Common Criteria is broadly and comprehensively used and covers most major product categories. There is no product security standard more widely used and internationally accepted and most major vendors already certify against it.
It is just that they all certify at the lowest levels of compliance because they are incapable of doing better. To compare against PCI DSS, it is like everybody is compliant… at Level 4. Or like having a certified apprentice electrician wiring up your substation. It is obviously wrong and inadequate, but people have been convinced to have warm fuzzy feelings when they see the word certified no matter how low of a certification level was chosen.
It is why everything gets hacked all the time, everybody is deploying systems that are certified insecure and inadequate for their operating environment.