this post was submitted on 08 Dec 2023
38 points (100.0% liked)

Rust

5999 readers
64 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
 

From the conclusion:

The authoring agencies urge executives of software manufacturers to prioritize using MSLs [memory-safe languages] in their products and to demonstrate that commitment by writing and publishing memory safe roadmaps. The authoring agencies encourage software manufacturers to lead from the top by publicly naming a business executive who will personally drive the elimination of memory safety vulnerabilities from the product line.

top 7 comments
sorted by: hot top controversial new old
[–] CameronDev@programming.dev 16 points 11 months ago (1 children)

They are absolutely right, but will be interesting to see the reaction from the tinfoil hat lot.

[–] sxan@midwest.social -4 points 11 months ago (2 children)

I am immediately suspicious of anything the NSA recommeds. I'll buy extra tin foil if I have to, but this is also the agency encouraging organizations to use cryptography that they have backdoors into. They are not your friends, and anything with their name on it deserves skepticism.

The last thing I want is the NSA recommending my software. It's cause for minor panic and a thorough review.

[–] Reacher@lemmy.world 14 points 11 months ago (1 children)

That's reverse psychology. They know everyone will lose trust in Rust and go back to memory unsafe languages so they can hack our software again.

  • put my tin foil hat aside -
[–] neurogenesis@lemmy.dbzer0.com 8 points 11 months ago (1 children)

That's exactly what they think you're thinking about what they think you thought they were thinking, I wouldn't fall for it

[–] rmuk@feddit.uk 7 points 11 months ago (1 children)

Found the NSA agent. Don't trust what they tell you to not trust when you're not trusting. That's what they want you to want.

[–] Reacher@lemmy.world 4 points 11 months ago

That's true. So I use Rust but I don't use Rust.

[–] technom@programming.dev 9 points 11 months ago

You might want to have a relook at your own statement here. It's got a load of paranoia. Paranoia beyond common sense and realistic threat assessment is unhealthy.

As for the NSA, it's like they have a split personality (which I think is true for anyone in their position). Their job isn't all about stealing information. They also have the mandate to secure their own and their allies' assets. After all, who knows what's more vulnerable to thievery than an experienced thief? Their job is as much to harden security as it is to compromise.

Finally, their statement is to move to a safe language - one of which is Rust. For your apprehensions about their backdoors to be true, they'd have to compromise every memory safe language out there - Rust, Go, Swift, Nim.... There's reason to be suspicious if they recommend only one language (that is more or less what happened with the NIST pseudorandom generator algorithm). But that isn't the case here.

And you need to assess statements on their own merit - not based on who says it. What they say is true even in our personal experiences. It's been shown statistically that people write much fewer bugs (memory safety bugs are a huge class) with safe languages. I'm not even confident of writing correct C programs these days. Honestly, if your paranoia is true, then it's easier for the NSA to recommend everyone to write in C or C++. That way people will write careless mistakes that they can exploit. And C/C++ usage is way more than for Rust or anything else. They'd target C/C++ compilers and standards to increase their impact.