The Rust Foundation is an independent non-profit organization to steward the Rust programming language and ecosystem, with a unique focus on supporting the set of maintainers that govern and develop the project.
It makes total sense that new C++ will contain a higher percentage of bugs than old C++, but after being an almost full time Rust dev for the last two years, you will not convince me that new Rust code has more bugs than old C++ code.
So far I have yet to come across a bug in any of my Rust code that made it into production. All issue reports from users are still related to the C++ code base that we haven’t managed to fully divorce from.
The only advantage to C++ interop is that managers want to see new code get deployed immediately and continuously. They don’t want to wait until the corporation’s billions (literally) of lines of code are all rewritten in a new language before they start to see the benefits of that transition.
> The good news for organizations with a lot of unsafe legacy code is that rewriting old code in new languages probably isn’t necessary.
> That’s not to say old bugs miraculously become unexploitable. Rather, the overall density of vulnerabilities diminishes – a statistical win but not a guarantee of safety.
It makes total sense that new C++ will contain a higher percentage of bugs than old C++, but after being an almost full time Rust dev for the last two years, you will not convince me that new Rust code has more bugs than old C++ code.
So far I have yet to come across a bug in any of my Rust code that made it into production. All issue reports from users are still related to the C++ code base that we haven’t managed to fully divorce from.
The only advantage to C++ interop is that managers want to see new code get deployed immediately and continuously. They don’t want to wait until the corporation’s billions (literally) of lines of code are all rewritten in a new language before they start to see the benefits of that transition.
@5C5C5C I found back the study I was talking about
https://www.theregister.com/2024/09/25/google_rust_safe_code_android/
> The good news for organizations with a lot of unsafe legacy code is that rewriting old code in new languages probably isn’t necessary.
> That’s not to say old bugs miraculously become unexploitable. Rather, the overall density of vulnerabilities diminishes – a statistical win but not a guarantee of safety.