A study shows that Rust makes it easier for new developers to join open source projects


A few days ago, the results of a study were announced showing that Rust has the potential to attract new contributors to open source projects and ease their arrival, while also reducing vulnerabilities.

The study was carried out by members of the University of Waterloo, Canada. Through an examination of Mozilla's Oxidation project, the authors reveal that the Rust language significantly reduces the likelihood of new contributors introducing vulnerabilities into the code, compared to C++.

The research also evaluates Rust vulnerabilities in open source projects and measures the effectiveness of the SZZ algorithm in identifying error-inducing commits.

This is not surprising, since Rust is already among the programming languages preferred by many, as well as being one of the most recommended for those starting out in the world of programming.

For those who are not yet familiar with Rust, it is a multi-paradigm compiled programming language designed and developed by Mozilla Research since 2010. It was designed to be "a practical, concurrent and reliable language", supporting pure functional, actor-based, procedural and, in certain respects, object-oriented styles. Due to Mozilla policy, Rust is developed completely in the open and requests feedback and contributions from the community. The language design is gradually improved thanks to team feedback, with most contributions coming from the community.

The group of researchers mentions in its publication, titled "Grading on a Curve: How Rust can Facilitate New Contributors while Decreasing Vulnerabilities", that new contributors are essential for open source projects, because without them the project will eventually atrophy and become dormant, or its experienced contributors will skew the project's future directions.

However, new contributors may also be at greater risk of introducing vulnerable code. For projects that need secure deployments and a strong, diverse community of contributors, this conflict is an issue that has always had to be taken into account. For that reason, the study mentions that one of the planned routes to reduce the chance of introducing vulnerable code consists of rewriting elements of C or C++ code in Rust, a language designed to apply to the same domains as C and C++, but with greater security guarantees.

To determine whether Rust can help prevent new contributors from introducing vulnerabilities and thus ease the burden on maintainers, we examined Mozilla's Oxidation project, which replaced components of the Firefox web browser with equivalents written in Rust.

The researchers relied on the data available from these projects to derive parameters for a new application of learning curves, which was also used to estimate the proportion of vulnerability-introducing changes made by new contributors in a way that is directly comparable.

We found that, despite usability concerns, new contributors to Rust projects are approximately 70 times less likely to introduce vulnerabilities than new contributors to C++ projects.

The study reveals that the rate of new contributors increased overall after the switch to Rust, implying that this decrease in new contributor vulnerabilities is not the result of a smaller pool of more skilled developers, and that Rust may, in fact, be facilitating the arrival of new contributors to open source projects.

At the same time, the researchers mention that they carried out a qualitative analysis of Rust vulnerabilities in these projects and, based on it, measured the effectiveness of the common SZZ algorithm in identifying the commits that induce errors from their fixes.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

