
The White House Calls for a Fundamental Change in the World of Programming

Transitioning from C/C++ to the Safer Rust

The world of software stands on the brink of a fundamental transformation. In collaboration with leading cyber security experts, the White House is calling on the developer community to take a bold step: to abandon traditional programming languages like C and C++ and switch to more modern and secure alternatives, such as Rust. This call comes at a time when cyber threats are becoming increasingly sophisticated and potentially devastating, and our society is completely dependent on software.

For decades, C and C++ have formed the backbone of the software world. These low-level languages, which offer developers great control and flexibility, are behind operating systems, drivers, embedded devices, and critical infrastructures. However, this strength is also their greatest weakness. Due to their direct access to memory, C and C++ are prone to a whole range of security errors and vulnerabilities, which can have catastrophic consequences.

The Office of the National Director of Cybersecurity (ONCD) at the White House has released a comprehensive report titled "Back to the Building Blocks: A Path Toward Secure and Measurable Software." It discusses in detail the risks associated with traditional programming languages and presents a vision of the future where "memory-safe" languages like Rust play a leading role.

 "We want Rust to become the new standard for critical software," stated Harry Coker, National Director of Cybersecurity. "As a nation, we have the ability and responsibility to reduce the attack surface in cyberspace and prevent entire categories of security errors from entering the digital ecosystem. The transition to memory-safe languages is a crucial step in this direction." 


Rust

Rust, a programming language developed in 2010 by Mozilla, has been gaining popularity in recent years. It combines the low-level capabilities of C/C++ with an advanced memory management system that automatically prevents many types of errors and vulnerabilities. The result is a language that offers high performance and control while maintaining safety and reliability.

 "Rust brings the best of both worlds," explains Anjana Rajan, Assistant National Director for Technology Security. "It retains all the key features of systems languages but eliminates entire classes of security issues. It is a powerful tool in the hands of developers."

The risks associated with C and C++ are not merely theoretical. Over the last 35 years, errors in memory management have been behind most major cyber incidents, from the Morris worm in 1988, which exploited a buffer overflow, to the Heartbleed vulnerability in OpenSSL in 2014, which threatened millions of web servers, to the recent BlastPass bug in 2023, compromising critical infrastructures worldwide.

 "These incidents show that improving practices and tools is not enough," says Coker. "We need to get to the root of the problem and change the very foundations on which software is built."

The software ecosystem

 However, transitioning to Rust and other safe languages will not be easy. C and C++ are deeply rooted in the current software ecosystem. Most hardware, operating systems, drivers, and libraries are optimized for these languages. Chip and microcontroller manufacturers primarily provide tools and support for development in C/C++.

 "It's a long haul," admits Rajan. "Even if the entire industry switched to Rust tomorrow, it would take years for the ecosystem to adjust. But every journey begins with a first step, and we believe the time has come to take that step."

 Major tech players like Google, Microsoft, and Amazon are already deploying Rust on a large scale for their critical systems. Rust has become the official language for developing parts of the Linux kernel and the Android operating system. The number of embedded projects and real-time operating systems (RTOS) in Rust is growing. The ecosystem of tools, libraries, and frameworks is rapidly expanding.

 "We see tremendous interest and support from the industry," says Coker. "Companies realize that security is not an add-on but a fundamental requirement. And Rust gives them the ability to build security directly into the foundations of their products."

 Besides transitioning to safer languages, ONCD also calls on the research community to address the problem of software measurability. Current diagnostic tools often do not allow for the quantitative assessment of cyber security levels. The development of new metrics and tools would significantly facilitate the identification and correction of vulnerabilities.

 "We need better ways to measure and communicate software security," explains Rajan. "Just as we have standards and certifications for the safety of cars or electrical devices, we need something similar for software. This is an area where academic research can have a huge practical impact." 


The ONCD's challenge to transition to Rust and other safe languages is undoubtedly ambitious and bold. But it is also necessary and timely. In an era when the world is increasingly digital and interconnected, cyber security becomes an existential question. We cannot afford to build our future on shaky foundations.

 "This is an unprecedented challenge, but also a huge opportunity," concludes Coker. "We have a chance to fundamentally change the way we develop software. To move from a culture of speed and functionality at any cost to a culture where security is the highest priority. It's a change our digital future needs and our society demands."

 If the ONCD's vision is realized, the transition from C/C++ to Rust and other safe languages could mark a turning point in software development. A point where security becomes an integral part of every line of code. And in a time when cyberspace is a battlefield and software our most vulnerable infrastructure, it's a change we can't afford to delay.
