top | item 46601506

(no title)

rkangel | 1 month ago

> A vigilant C programmer who manually validates everything and use available tools at its disposal is less risky than a complacent Rust programmer who blindly trust the language

I agree with this. But for a component whose job is to parse data and produce pixels, the security worries I have are memory ones. It's not implementing a permissions model or anything where design and logic are really important. The security holes an image codec would introduce are the sort where it a buffer overun gave an execution primitive (etc.).

discuss

lambdaone|1 month ago

Rust programmers are far more likely to have the vigilant mindset than C programmers, or they wouldn't be using Rust.

You can get an awful lot done very quickly in C if you aren't bothered about security - and traditionally, most of the profession has done exactly that.