Blaming Programming Languages for Users' and Developers' Bad Practices
That's like blaming cars for drivers who crash into things
They tell us that the issue isn't Computer Science education (or the lack thereof) or a lack of quality control or a race to the bottom. They insist, at least in some infiltrated quarters of the US government which publish erroneous reports, that the problem is C and sometimes C++ (as that's allegedly "implied"). We've heard and seen it all before, have we not? I myself, a C programmer for over 25 years, am not buying it. Maybe they should focus on open ports, default and unchanged passwords, etc.
Instead they tell us to go to Microsoft GitHub, which is proprietary and whose "security chief" joined after decades at the NSA (not kidding, not a metaphor!), to get something called Rust.
Rust is pure magic, right?
Nope!
See for example:
- What Would Dennis Ritchie Say About the "Memory-Safe" Hype (or Cargo Cult)?
- Rewriting Things in Rust
- Rust is Starting to Seem More Like Microsoft-hosted "Digital Maoism", Not a Legitimate Effort to Improve Security
- If Only Everything Was Rewritten in Rust, We'd Have No More Security Issues?
An associate explained that Rust's claims about security are shown to be a bluff through their continued use of `curl | sudo bash`.
And "it is aside from a comment inside this video," he said, "however the main gist of that video is a falsehood that popularity or ubiquity leads to 'security holes'."
"Microsoft has squawked that lie so many years that people who know better end up repeating it."
Bad code will have defects, no matter what it is written in. New code will have more defects, due to a lack of independent (multi-person) audits and lack of 'eyeballs' successfully catching issues in it, either by looking at code or running on edge cases (often incidental). It's just not stress-tested. So using some "new" things like Rust or (re)writing new programs "in Rust" simply means the bugs will be spotted much later. They're 'hibernating'.
Maybe Rust will make it hard to compile things; that's not the same as security.
Good programming isn't "cheap"; you don't get it from some "vibe coders" [sic] or something similar... or from people without a background in Computer Science, contrary to what GAFAM told the media earlier this month (they want to hire less-qualified people as they are cheaper to hire and to keep... or to manage/bully, get rid of, discredit, work to death).
Rust is selling us lies and it's based on myths that are akin to a religion. One might rightly dub it a "cult". It's a Microsoft-loving, Microsoft-trusting cult.
Saying that Rust will fix security holes is a bit like saying that the Tour de France will see better times if all cyclists got training/assistive wheels forcibly bolted on. █