BEST OF THE WEB

Google Rust code paying off, reducing memory related flaws

Since 2019, Google has been integrating code written in the Rust programming language into its Android operating system, and its efforts have paid off in the form of fewer vulnerabilities, with more than half of memory-related flaws reduced, a milestone that coincides with Google’s switch from C and C++ to the memory-safe programming language, Rust.

According to Google, the number of memory safety vulnerabilities has decreased significantly in recent years/releases. Between 2019 and 2022, the number of annual memory safety vulnerabilities decreased from 223 to 85. They now account for 35 per cent of all Android vulnerabilities, up from 76 per cent four years ago. In fact, 2022 will be the first year in which memory safety vulnerabilities do not account for the majority of Android vulnerabilities.

Android 13 is the first Android release in which the majority of new code is written in a memory-safe language. Rust accounts for 21 per cent of all new native code in Android 13, including the UWB stack, DNS-over-HTTP3, Keystore2, Android’s Virtualization framework (AVF), and various other components and their open source dependencies.

Google considers it significant that no memory safety vulnerabilities have been discovered in Android’s Rust code across Android 12 and 13. Google also reports a decrease in critical and remotely exploitable flaws.

The sources for this piece include an article in ZDNet.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web