Microsoft has made Project Verona, a programming language based on Rust, available on GitHub. The programming language is intended for ‘safe infrastructure programming’, in other words, building safer systems.
The programming language should achieve greater security through better memory management, compartmentalisation of systems and pervasive sandboxing (What this means in comparison to ‘regular’ sandboxing is not exactly clear). In any case, the project is still in its initial phase, so more details are likely to surface later. The project is supported by academics at Imperial College in London.
Securing C and C#
As Matthew Parkinson, researcher at the Cambridge Computer Lab explains, Project Verona is intended to help secure code in more insecure languages. Think of C and C# used in many of Microsoft’s legacy code. Microsoft cannot afford to completely overhaul legacy code, but the company wants to protect it better.
“We’re going to run some C and C++, stuff we don’t trust,” Parkinson said. “We’re going to put it in a box and we know there is this region of objects, we have to be very careful with it, but there’s a group of things going on there and we can built some pervasive sandboxing there. So there can be sandboxed libraries that we can embed in our sandboxed Verona program.”
The GitHub page for Project Verona outlines some of the questions the group wants to answer, which will be worked out in future scientific articles. Microsoft sees Verona as a ‘research programming language’. The open-sourcing of the language should attract researchers to contribute to the project.