(no title)
ibotty
|
2 months ago
There is relatively little Rust in the kernel, but there are even less Rust CVEs. In this cycle alone there were 160 CVEs, one in Rust. The first one! The amount of rust is way less than 1/160 and even that statistic is off, because one should count all CVEs.
Someone|2 months ago
That is debatable, and I think untrue. It sometimes takes years to find CVEs in C code, and I don’t know of an argument why that would be different for Rust.
The fairest comparison, I think, would be with other new code of similar complexity in the kernel, and track #of CVEs per equivalent functionality (per line of code might be sufficient, but if one language is verbose than the other, you should correct for that)