Microsoft Azure CTO Avoids C and C++ • The Registry

Microsoft Azure CTO Mark Russinovich Own it with C and C++, the time-tested and commonly used programming languages ​​for high-performance native applications.

On Monday, Rusinovic urged the tech industry to abandon C/C++. Speaking of languages, it’s time to stop starting any new projects in C/C++ and use Rust for those scenarios that don’t[garbage collected] He said that language is required. “For security and reliability, the industry should declare these languages ​​deprecated.”

Rusinovic’s rejection of C/C++ arrives because Linus Torvalds, the creator of Linux, It said Confirm that the rust code – except for unforeseen circumstances – It will appear in version 6.1 of the Linux kernelAnd the A long awaited teacher. Linux kernel is written In C with some assembly and some sticky text sprinkled over it.

Designed by Graydon Hoare as a hobby, Rust began appearing in Mozilla in 2006 and debuted in 2010. It began to gain serious attention as an alternative to C/C++ in 2015 with Rust release 1.0.

Since that time, Rust has been the most popular programming language of the year StackOverflow Survey Seven years in a row – despite its reputation as difficult to learn – and it has been incorporated into projects at major tech companies.

Apple, Amazon, Google, Meta, and Microsoft, among many others, use Rust in some capacity or in production. Cloudflare recently Flowed around Pingorathe new HTTP proxy built with Rust, which boosted performance and reduced CPU and memory usage.

Rust appears to be less susceptible to potential memory corruption errors and this makes programs less vulnerable. Microsoft was Talking about dumping C/C++ and troubleshooting rust At least since 2019 it has developed its own cloud-oriented, memory-safe programming language called Verona Project. So Rusinovic’s call to stop C/C++ is not without precedent.

According to Microsoft, About 70 percent of CVEs that have been patched since 2006 caused by memory security issues. Eliminating these bugs will greatly improve software security while reducing the cost of addressing vulnerabilities.

record Microsoft asked if Rusinovic’s recommendation is being adopted at the company level. Redmond declined to comment.

Rust alone will not guarantee that the program is secure. It provides defense against memory security bugs but does not eliminate other classes of vulnerabilities.

Like language documents explain, “Rust contains both a safe and a non-secure programming language.” Developers may choose to write unsafe rust for certain tasks and they may inadvertently generate unsafe code. Rust does not deal with attack vectors that go beyond sound software design such as social engineering. However, it has qualities that recommend it.

Rebecca Rumbul, CEO and Executive Director of the Rust Foundation, said in an email to record. “We hope that this kind of support will eventually lead to investment in Rust’s infrastructure and in the talented Rust community, so that Rust can continue to be safe, secure and sustainable for the future.”

record Bjarne Stroustrup, creator of C++, was asked for comment. We will update this story when we hear back. ®