Microsoft wants to investigate whether the Rust programming language can be used as an alternative to C and C++, among other things. In this way, the company hopes to improve the security of its apps and those of others.

The announcement was made by Gavin Thomas, Principal Security Engineering Manager for the Microsoft Security Response Center (MSRC), writes ZDNet. Thomas emphasizes that MSRC not only responds to vulnerabilities and incidents, but also has a proactive role.

Memory-safe languages

In a new blog series, we highlight Microsoft’s exploration of safer programming languages, starting with Rust. Ultimately, the company wants to find a way to take developers away from the aging C and C++, and bring them to memory-safe languages.

Memory-safe languages such as Rest are designed from the ground up with protections against so-called memory corruption vulnerabilities. These include buffer overflows, memory leaks and race conditions.

C#, a programming language developed by Microsoft, also has a number of improvements in terms of memory access. However, the language is less advanced than Rest.

Many memory errors in Windows

Microsoft’s security engineer Matt Miller said earlier this year that about 70 percent of the company’s annual patches over the past twelve years had resolved memory-related errors.

The reason behind this high percentage is that Windows and many of Microsoft’s other products are mainly written in C and C++. These are two memory insecure programming languages, which give developers a lot of control over memory addresses and where code can be executed.

If a developer makes a mistake, it can lead to a series of memory problems. These problems can be abused by attackers, with major consequences. Think for example of remote code execution errors.

Microsoft has been looking for years

It is not new that Microsoft is looking for an alternative to C and C++. The company has been doing this for years. The Checked C extension was made open source in June 2016, and brings new features for the C programming language to address a range of security-related issues.

Rest is, in turn, the most popular programming language of the moment, according to a study by StackOverflow. Developers like the language because of the simpler syntax and the fact that apps made with Rest do not have the same number of errors. This allows developers to focus on expanding the apps, rather than maintaining them.

This news article was automatically translated from Dutch to give a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.