[Discuss] Rust vs. C (was Re: Port Scanning)

[markw at mohawksoft.com (markw at mohawksoft.com)]

> On Wed, 7 Aug 2024 11:04:03 -0700
> Kent Borg <kentborg at borg.org> wrote:
>
>> And...that was nicer to the cache, to the tune of being ~32% faster.
>
> I recognize that this is an aberration. That was the point, after all.
>
> Generally, though, I think my point about LLVM in general still stands.
> What makes Rust interesting to me as an outside observer (I'm a
> sysadmin, not a programmer) is that Rust performance is competitive
> with C performance while producing much safer binaries. More Rust means
> less stress for me.

I wouldn't be so confident. The last few big security issues I've had to
fix in products have been attacks that have nothing to do with programming
languages. The last sshd issue where an ifdef/endif was removed from code
which allowed a privilege escalation. The XZ library/systemd/sshd issue,
and a few others I can't recall.

The problem with languages that are supposed to be safer is that they
don't address the root cause of the problem: People who don't know how to
code. Java was supposed to take care of a lot of this, but it didn't. I
doubt very much rust will either. You may reduce the number of one class
of problem, but I am quite sure we'll see another class of problem for
rust.

As for government recommendations on software development, I'll wait.