Fortanix, a data-security firm, has found success by committing to the Rust programming language. Rust, which was launched in 2010, offers enhanced security and performance capabilities, making it an attractive choice for organizations that prioritize secure code. Fortanix has integrated support for Intel Software Guard Extensions (SGX) into its platform, allowing for secure user data storage. The company has also benefited from the Rust compiler’s ability to mitigate certain types of vulnerabilities, particularly those related to memory safety.
Jethro Beekman, the Vice President of Technology and CISO at Fortanix, explains that after conducting thorough research and gaining practical experience with Rust, the company decided to fully embrace the language. Beekman emphasizes the effectiveness of Rust’s tooling and compiler in helping developers avoid mistakes.
Despite having a lower TIOBE rating than languages like C or C++, Rust is steadily gaining popularity among developers and companies focused on secure code. According to the Stack Overflow “2023 Developer Survey,” although only 12% of programmers used Rust in the past year, nearly 85% of those developers expressed a desire to continue using the language. This high level of admiration from users solidifies Rust’s position as a sought-after programming language.
Major technology companies such as Microsoft and Google have also shown support for Rust. Microsoft is rewriting parts of its kernel using Rust, leveraging the language’s memory safety features to eliminate certain classes of bugs. David Weston, the Vice President of Enterprise and OS Security at Microsoft, states that although the company is still in the early stages of adopting Rust on Windows, it has already seen performance improvements in early versions of the code. Microsoft, as a sponsor of the Rust Foundation, is committed to incorporating Rust into its kernel.
Likewise, Google credits the transition from C and C++ to Rust, Kotlin, and Java for a drop in memory-safety vulnerabilities in Android. Lars Bergstrom, the Director of Engineering for Android Programming Languages at Google, recommends using Rust in place of C or C++ for new code to ensure tight control over system resources and memory.
The National Security Agency (NSA) echoes this view on secure code development. The agency advises developers to explore alternatives to C and C++ for security-critical code, as those languages rely heavily on the developer’s ability to avoid mistakes. Rust, with its focus on memory safety, offers a more secure option.
While Fortanix has fully embraced Rust, other companies take a more tactical approach to integrating the language into their codebases. For example, password and identity-management firm 1Password has adopted Rust for its core data security components while using other languages for the front-end interface on various operating systems.
Rust’s adoption extends beyond traditional tech organizations. It has gained significant traction among embedded and connected device firms, particularly in automotive, industrial, and aerospace applications. Additionally, Rust has emerged as a popular choice for creating web and cloud applications using WebAssembly.
Although some may perceive Rust as difficult to learn, a survey Google conducted of its internal programmers found that more than two-thirds of Rust learners feel confident contributing to a project within two months. However, the survey did note that the compiler is slower than desired, which could impact productivity.
Overall, Rust offers a modern programming language that combines security, speed, and performance. While there may be a learning curve and trade-offs to consider, Rust provides developers with the tools necessary to build secure and efficient software solutions.