Software development

Why I think Rust is Revolutionizing Safety-Critical Systems

Author

Igor Ajdišek

CTO, Partner

Contact the article author via emailVisit the author's LinkedIn profile

Published

July 29, 2024

As CTO my job is to closely follow any new programming languages emerging, promising better ways to build. In recent times, one contender really stood out primarily for its focus on two critical aspects often neglected: security and developer friendliness.

Rust, memory-safe and secure programming language (©Adobe Stock)

Rust, memory-safe and secure programming language (©Adobe Stock)

Rust, touted as the "world's fastest-growing major programming language", continues to be also the most-admired programming language with an 83% score this year, according to the recent Stack Overflow Developer Survey.

I think that Rust is a prime candidate for the language of choice, particularly in safety-critical systems, due to its unique ability to deliver both performance and robust security.

But what does that mean for the vast swaths of legacy code that the world has so far written in C or C++, legacy code that powers most of our critical infrastructure today?

Could these systems ever be retrofitted for security, or is a complete rewrite the only path forward?

Memory Safety: The Achilles' Heel of Legacy Code

Memory leaks and dangling pointers are like ticking time bombs, waiting for the right conditions to explode. These vulnerabilities are also a hacker's dream, offering easy entry points into systems.

The recent reports from the NSA and CISA are a good wake-up call for those ignoring these problems.

Security Through Speed: No Performance Hit for Safety

I think Rust's security features are a game-changer. Features like strong typing and immutability by default help prevent accidental modifications and data corruption, another common attack vector.

Additionally, Rust's borrow checker ensures that only one piece of code can have access to a specific piece of data at a time, further reducing the risk of race conditions and other security vulnerabilities.

What sets Rust apart is its ability to deliver this level of security without sacrificing performance. In fact, Rust consistently outperforms languages like Go and Java by 2- to 3-fold in speed of execution and computational energy consumption. This means we can build applications that are not only secure but also blazing fast, rivaling the performance of C and C++.



Rust's emphasis on memory safety also contributes to its performance advantage. By eliminating the overhead associated with garbage collection and runtime checks, Rust code can execute more efficiently.

Compiler output (@3fs)

The compiler's informative error messages and suggestions are like having a seasoned mentor guiding you every step of the way.

This combination of security, performance, and developer experience makes Rust the ideal choice for safety-critical systems. Whether you're developing self-driving cars, medical devices, or critical infrastructure.

Building a Secure Future: Investments in Rust

The growing importance of secure software development is not lost neither on industry leaders nor policy makers. In spring 2024, both Google and Microsoft made significant investments in the Rust Foundation, each donating $1M. This funding supports dozens of engineers and open-source projects, accelerating Rust's development and adoption.

More recently, the Rust Foundation, together with partner organizations, announced the Safety-Critical Rust Consortium. This consortium aims to establish best practices, develop tools, and create certification programs for Rust in safety-critical systems. By fostering collaboration and expertise, the consortium will help ensure that Rust is used responsibly and effectively in high-stakes applications.

These investments and initiatives are a clear signal that Rust is the future of secure software development. As the industry and governments recognize the critical role of Rust in building a safer digital world, we can expect to see even greater momentum and support for this transformative language.

Can You Patch a Leaky Ship? The Challenge of Securing Legacy Code

If I return to my own questions I asked in the very beginning: What does this mean for the legacy code that the world has so far written? Could these systems ever be retrofitted for security, for better maintainability?

Well, I'm very skeptical that legacy code can ever be truly secure. From my experience, patching legacy code is like trying to plug a leaky boat with a Band-Aid.

I've worked on countless projects where outdated, poorly documented codebases have been a constant source of frustration and risk.

For example, recently we completed a project where a client wanted us to take their original implementation and make it into a modern, mobile web friendly one. It turned out that the legacy implementation not only included the code for the user interface, but also implemented some of the business logic required for transforming the input data before being displayed.

The problem?

Code was over 20 years old, left untouched for quite some time and all the original authors of the code long left the company, many of them retired. Needless to say there wasn’t any documentation that would explain how A transforms to B. And bringing 20 years old code riddled with cybersecurity issues to the web, was certainly not an option. 

This project was a perfect storm of challenges: technical debt, lack of documentation, outdated development practices and security risks.

It became clear that a complete overhaul would be the only way to achieve a secure and maintainable system. However, such projects are often met with resistance due to budget constraints and fear of disruption.

The Future is Secure with Rust

With its unwavering focus on safety and performance, I'm convinced that Rust is the future of programming, especially for safety-critical systems.

By imposing secure guardrails and offering advanced developer tooling for building robust applications, Rust promises a future where critical systems are not just functional but also demonstrably secure, with the codebase easier to maintain and future-proof in the long run. 

In my experience the learning curve associated with Rust is real, but the wealth of learning resources available and the growing Rust community can help developers make the transition.

In the ever-evolving threat landscape, any new development in Rust is a no-brainer, but even a complete rewrite of legacy code might not be a luxury, but a necessity for truly secure safety-critical systems.

More from our blog

Step with us into the brave new world of cloud

Get in touch

1 hour with our expert • Free of charge • No strings attached