… Are the Feds aware that the core systems that many, many older companies (and government agencies) use are still based on COBOL?
Is… is that not of any concern?
Is COBOL subject to buffer overflows and use-after-free bugs? I honestly don’t know.
I don’t recall the COBOL code I’ve read using pointers.
The problem I am aware of is moreso that the number of programmers that know COBOL is vanishingly small, it … COBOL does not seem to really be taught anymore…
…so if something goes wrong at that level, you may be SOL if you cannot find an increasingly rare programmer that knows COBOL well.
is Rust ready for this?
That sounds like policy written by somebody who has no idea what the reality of software development is.
1 year to rewrite critical software in a new language?
Did you read the article at all?
“Putting all new code aside, fortunately, neither this document nor the U.S. government is calling for an immediate migration from C/C++ to Rust — as but one example,” he said. “CISA’s Secure by Design document recognizes that software maintainers simply cannot migrate their code bases en masse like that.”
Companies have until January 1, 2026, to create memory safety roadmaps.
All they are asking for by that date is a roadmap for dealing with memory safety issues, not rewrite everything.
Feds have found a way to hack rust /s?
DARPA has unironically been funding a tool that purports to translate C / C++ into Rust…
Seems excessive to convert everything to rust when you can use std::shared_ptr and std::weak_ptr to eliminate the memory safety issue?
Using smart pointers doesn’t eliminate the memory safety issue, it merely addresses one aspect of it. Even with smart pointers, nothing is preventing you from passing references and using them after they’re freed.
To be fair, it’s entirely possible to make the same and very similar mistakes in Rust, too.
Is it possible to do in Rust?
Yes
Is possible to do in Rust, by mistake, and not easily caught by a review?
Definitively not.
I think you could argue the same point with C++
void foo() { std::vector v = {0, 1, 2, 4}; const auto& ref = v[1]; add_missing_values(v); std::cout << ref << "\n"; } void add_missing_values(std::vector<int>& v) { // ... v.push_back(3); }Neither foo(), nor add_missing_values() looks suspicious. Nonetheless, if
v.push_back(3)requiresvto grow, thenrefbecomes an invalid reference andstd::cout << refbecomes UB (use after free). In Rust this would not compiles.It is order of magnitudes easier to have lifetime errors in C++ than in Rust (use after free, double free, data races, use before initialisation, …)
This would be caught by ASan and other tools though, which should be part of any review.
I think you have a hard time understanding the différence between “not possible” and “much harder”.
In Rust, the code does not compile.
In C++ the code compile, but
- if you have a test case
- this test case triggers the bug (it is not guarateed to properly reproduce you production environment since it depends on the parameters of the allocator of your vector)
- you use ubsan
… then the bug will be caught.
Yes it is possible, noone says the opposite. But you can’t deny it’s harder. And because its harder, more bugs get past review, most notably security bugs as demonstrated again and again in many studies. The
That is an extremely oddly specific cysec issue they’re choosing to target…
It’s one backed by a lot of data. One example is from the Android project.
The percent of vulnerabilities caused by memory safety issues continues to correlate closely with the development language that’s used for new code. Memory safety issues, which accounted for 76% of Android vulnerabilities in 2019, and are currently 24% in 2024, well below the 70% industry norm, and continuing to drop.
https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
There’s an argument that critical infrastructure software vendors are already meeting standards for basic, non-memory related items. Yes, there are other categories, but memory safety is one that’s harder to verify. Moving to memory safe languages is an ensure a category of correctness. This excludes usage of unsafe escape hatches.
