When ypu are talking web facing client full scale browser, C++ is impossible to secure as well as a safer language and most safer languages are impossible to optimize as well as C++. So rust is not so much exciting as not horrifying.
Yes, I know the argument and it has some merit. I just don't find it very persuasive, so a thing being implemented in Rust doesn't make me any more or less willing to use it. To each their own.
"Rust is an emerging programing language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start using the language. However, can Rust achieve the memory-safety promise? This paper studies the question by surveying 186 real-world bug reports collected from several origins which contain all existing Rust CVEs (common vulnerability and exposures) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code...": https://arxiv.org/abs/2003.03296
nextos|1 year ago
Plus, I don't see how Firefox is really broken. Right now, forking and shipping with a custom user.js is sufficient to fix most annoyances.
JohnFen|1 year ago
timschmidt|1 year ago
Chrome: 70% of all security bugs are memory safety issues: https://www.zdnet.com/article/chrome-70-of-all-security-bugs...
"Rust is an emerging programing language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start using the language. However, can Rust achieve the memory-safety promise? This paper studies the question by surveying 186 real-world bug reports collected from several origins which contain all existing Rust CVEs (common vulnerability and exposures) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code...": https://arxiv.org/abs/2003.03296
Seems persuasive to me.