Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities

Google announces $1 million investment in improving Rust’s interoperability with legacy C++ codebases.

Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code.

The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe programming language across Android and other Google products, due to its benefits for addressing memory safety vulnerabilities.

“Based on historical vulnerability density statistics, Rust has proactively prevented hundreds of vulnerabilities from impacting the Android ecosystem. This investment aims to expand the adoption of Rust across various components of the platform,” said Dave Kleidermacher, Google VP of Engineering, Android Security & Privacy.

Rust’s interoperability with Android and C++ has improved as well, courtesy of multiple tools, and the adoption of the programming language has accelerated, Google says.

However, with most of the progress mainly driven by tools that support a specific project or company, Google wants to invest in and collaborate in areas needed to accelerate the overall adoption of Rust.

Additionally, the company says, it is aggregating and publishing audits for Rust crates used in open source Google projects.

The support for Google has allowed the Rust Foundation to launch a new ‘Interop’ initiative, to make it easier for interested organizations to invest in Rust.

The first task of this new initiative will be drafting a scope of work proposal that will be discussed amongst the Rust Project member organizations.

Advertisement. Scroll to continue reading.

The Rust Foundation will likely recommend hiring Interop Initiative engineers and allocating resources towards improving interoperability, building system integrations, using artificial intelligence to migrate code from C++ to Rust, or a combination of these.

“Improving memory safety across the software industry is one of the key technology challenges of our time, and we invite others across the community and industry to join us in working together to secure the open source ecosystem for everyone,” Google notes.

Related: Google Open Sources AI-Aided Fuzzing Framework

Related: Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions

Related: Google Migrating Android to Memory-Safe Programming Languages

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.