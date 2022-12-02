



Google has been integrating code written in the Rust programming language into the Android operating system since 2019, and that effort has paid off in the form of fewer vulnerabilities.

Memory safety bugs, such as reading and writing out of bounds and use after free, account for over 65% of high-severity and critical bug vulnerabilities in Chrome and Android, a number that is higher than other The same is true for vendor software. Failure to catch these flaws early reduces security and increases software development costs.

But four years after Android collected Rust shards, that number went down.

Android security engineer Jeffrey Vander Stoep said in a blog post:

Vander Stoep said this decline is consistent with a move away from non-memory-safe programming languages ​​(C/C++ which is not memory-safe but can be supported). says.

Since Android 12 last year, Rust has become the Android platform language. And now, with Android 13, most of the new code added to the release is written in Rust, Java, or Kotlin, which are memory-safe languages, said Vander Stoep.

As less memory-unsafe code is introduced to Android, memory safety flaws have decreased from 76% of Android vulnerabilities in 2019 to 35% in 2022. This is the first year that memory safety bugs do not account for the majority of vulnerabilities.

Other vulnerabilities have been stable over time, occurring at a rate of about 20 per month over the past four years. Most of the critical issues were due to memory safety issues, so the vulnerabilities exposed have proven to be of low severity.

Google isn’t the only big tech company to see the benefits of memory-safe code. Meta thanks Rust. A few months ago, Microsoft CTO Mark Russinovich said that C/C++ shouldn’t be used to start a new project and that if he wants a language without collections he should deploy Rust. Declared there is.

At the time, C++ creator Bjarne Stroustrup challenged Russinovich’s guidance, pointing out that type and memory safety could be achieved in ISO standard C++, and enhanced it with static analysis. As Stroustrup thinks, helping C++ evolve makes more sense than deprecating the language and leaving unsafe code alone.

According to Vander Stoep, Google continues to invest in tools for writing safer C/C++ code, pointing to Scudo-enhanced allocators, HWASAN, GWP-ASAN, and KFENCE on Android devices . And he says Google is increasing its use of fuzzing. But while such measures have contributed to the reduction in memory-safe bugs, he argues that most of the reduction in vulnerabilities is due to the move to memory-safe languages.

In Android 13, approximately 21% of new native code is written in Rust. This includes about 1.5 million lines of Rust code from the Android Open Source Project (AOSP), which consists of components such as Keystore2, the new Ultra-wideband (UWB) stack, and DNS-over-HTTP3. C++.

And so far, Rust has paid off. “So far, there have been zero memory safety vulnerabilities found in his Rust code on Android,” said Vander Stoep.

Rebecca Rumbul, executive director and CEO of the Rust Foundation, said in an email to The Register: “It’s no surprise that Rust is being increasingly integrated into existing projects and products. Her recent Google blog discussing Rust on Android highlights Rust’s security benefits. increase.”

“These security benefits have also been recognized by policy makers around the world, with governments in Europe and North America seeing Rust as a solution to some of the security problems they have experienced in the past,” said Rumbul. increase.”

The US National Security Agency recently observed that while languages ​​like C++ can offer a lot of flexibility, they rely on programmers to provide the necessary memory reference checks.

“While software analysis tools can detect many instances of memory management problems, and operating environment options can provide some protection, the inherent protections provided by memory-safe software languages ​​prevent most memory management problems. We can prevent or mitigate the problem,” the agency said in the guidance. [PDF] Published last month. “NSA recommends using memory-safe languages ​​whenever possible.”

Sources 1/ https://Google.com/ 2/ https://www.theregister.com/2022/12/02/android_google_rust/ The mention sources can contact us to remove/changing this article

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos