Mark Russinovich, CTO of Microsoft Azure, discussed the companyâs shift towards using Rust to address security vulnerabilities inherent in C/C++. He highlighted that 70% of vulnerabilities across Microsoft products stem from unsafe memory handling in C++. Other tech firms, including Google, have reported similar findings. Rust offers strong memory safety features, which could potentially mitigate these risks. Microsoftâs 'Secure Future Initiative' aims to further integrate Rust, utilizing generative AI to facilitate this transition, marking a significant change in secure software development.
The journey actually begins with us looking at the problems we've had with C and C++ [... Looking at a] summary of Microsoft security response centers triaging of the vulnerabilities over the previous 10 years across all Microsoft products, 70% of the vulnerabilities were due to unsafe use of memory specifically in C++ and we just see this trend continuing as the threat actors are going after these kinds of problems. It also is causing problems just in terms of incidents as well.
Memory corruption vulnerabilities have been the standard for attacking software for the last few decades and it's still how attackers are having success.
Collection
[
|
...
]