Zühlke – Empowering Ideas


Rust – secure software by design

Rust - a promising alternative to C++?

Can software be completely bug-free? No – and it’s a major problem, especially in sectors like automotive, aviation and medical technology. In these sectors, a huge amount of effort goes into fixing security vulnerabilities and protecting data. Rust is a still relatively new programming language which takes an interesting approach to this problem. In Rust, the most damaging security vulnerabilities are prevented at source. As well as reducing risk, this also reduces operating costs – and could revolutionise software development. 


Even today, for low-level or high-performance applications, C and C++ are pretty much de rigueur. Their flexibility and efficiency mean that, despite being 50 and nearly 40 years old respectively, in many areas they remain indispensable. Until now, they have always succeeded in adapting to new technologies and requirements.

This dominance, however, is starting to wane. 

The reason for this is that in recent years there has been a growing emphasis on security. C and C++ applications are regularly found to contain very expensive and potentially very damaging bugs as a result of failure to correctly handle application memory (memory safety errors).

Memory safety errors in C/C++

Three examples show how these memory safety errors can have serious consequences:

  • In the Heartbleed bug from 2014, failure to validate a parameter in SSL packets made it possible for an attacker to read SSL server application memory. Cryptography and security expert Bruce Schneier was scathing about the effects of the Heartbleed bug: “Catastrophic is the right word. On the scale of 1 to 10, this is an 11.”
  • Ripple20 from 2020 was a set of 19 different vulnerabilities in a widely-used TCP/IP library. According to the discoverers, it is likely that “hundreds of millions of devices are vulnerable, maybe even billions.”
  • Just six months after Ripple20, multiple security vulnerabilities were once again discovered in multiple TCP/IP libraries, most of which were again the result of memory safety errors. AMNESIA:33 affected more than 150 manufacturers and over one million IoT devices.

Major tech companies, including Apple, Chromium, Microsoft, Google, Mozilla and Ubuntu are aware of the danger and have concluded that a massive 70% of bugs identified once a product is in use fall into the category of memory safety errors.

The problem is made worse by the fact that bugs identified after a product is in use are the most expensive and can cause the most damage.

[Figure: cost of fixing a bug depending on the development phase: design, implementation, testing, after delivery]

The advantages of Rust

It’s exactly this problem that Rust sets out to solve. The programming language was released in 2015 and is developing into a serious alternative to C and C++. Particularly for products with high security, efficiency, speed and maintainability requirements, Rust is becoming increasingly appealing. From our perspective, it looks likely that Rust will soon be a major success factor in areas such as the medical technology, aviation and automotive sectors. In our view, there are 3 main reasons for this:

  1. Rust makes software safer. The language refuses to compile code that leads to memory safety errors. In other words, the majority of the most serious bugs in C and C++ projects could never have happened in Rust.
  2. Over the complete software life cycle, Rust makes software significantly cheaper. A large portion of software costs result from fixing the inevitable bugs that arise when programming. With Rust, most of the potentially most damaging bugs are eliminated early in the development process. Amazon shares this view: “Rust uses a strict type system and ownership model to achieve compile-time verification of memory and concurrency safety, making the cost of testing and validating Rust implementations significantly lower than C/C++.”
  3. Rust delivers excellent performance. Its speed and memory efficiency are comparable to C and C++.

[Figure: proportion of memory errors]
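To make the first point concrete, here is an added example that is not from the article: a Heartbleed-style echo handler written in Rust. The request type, the field names and the two function names are assumed for illustration; the point is that a length claimed by the peer can never turn into an over-read of server memory.

```rust
/// Constructed example: a heartbeat-style echo request that carries a
/// claimed payload length alongside the payload bytes actually received.
/// `HeartbeatRequest` and the functions below are assumed names, not from the article.
pub struct HeartbeatRequest<'a> {
    /// Length the peer *claims* the payload has (untrusted input).
    pub claimed_len: usize,
    /// Bytes actually received for the payload.
    pub payload: &'a [u8],
}

/// Builds the echo response. Returns `None` when the claimed length exceeds
/// the bytes actually present: the validation step that Heartbleed lacked.
pub fn echo_payload(req: &HeartbeatRequest) -> Option<Vec<u8>> {
    // `get` is bounds-checked: an out-of-range slice yields `None`
    // instead of reading whatever happens to sit after the buffer.
    req.payload.get(..req.claimed_len).map(|bytes| bytes.to_vec())
}

/// The same logic written the way a direct C port might look, with plain
/// indexing and no explicit check. Rust still refuses to over-read: an
/// out-of-range slice panics (a controlled abort) rather than leaking memory.
pub fn echo_payload_indexed(req: &HeartbeatRequest) -> Vec<u8> {
    req.payload[..req.claimed_len].to_vec()
}

fn main() {
    let honest = HeartbeatRequest { claimed_len: 5, payload: b"hello" };
    println!("{:?}", echo_payload(&honest)); // Some([104, 101, 108, 108, 111])

    let lying = HeartbeatRequest { claimed_len: 65535, payload: b"hello" };
    println!("{:?}", echo_payload(&lying)); // None: request rejected, nothing leaked

    // A use-after-free of the kind the borrow checker rejects before the
    // program ever runs (uncomment to see the compile error):
    // let dangling: &[u8];
    // { let buf = vec![1u8, 2, 3]; dangling = &buf; } // error[E0597]: `buf` does not live long enough
    // println!("{:?}", dangling);
}
```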

More than just a secure programming language

In the enterprise environment, the combination of security and performance in particular has enabled Rust to become a significant alternative to garbage-collected programming languages like Java, C# and Go. This is also a clear indication that Rust is as maintainable as other modern programming languages and promises to boost the efficiency of embedded development.

In view of all these points, it’s no wonder that, since 2016, Rust has consistently been the most loved programming language among software developers.

Given the range of advantages it offers, one has to wonder why Rust hasn’t long become the standard, especially for safety-critical software. In our view, there are three main reasons for this.

  • Rust is still a very new programming language. It needs time to prove itself against an ecosystem that has grown up over nearly half a century. One of the consequences of this is that there are far fewer top-notch Rust developers. Nonetheless Rust is currently developing at an incredibly rapid pace. Rust is achieving in months milestones that have in the past taken years of development, and the community is growing equally rapidly.
  • Although Rust already reliably supports many established scenarios, some more specialised fields, such as embedded software development and compiler certification (e.g. ISO 26262) are still at an early stage.
  • There are also situations in which Rust’s manual memory management is too time-consuming. This is usually the case in situations where speed, latency or memory usage are non-critical. In this case, programming languages with garbage collection like Java, C# and Go offer a better ROI.

Summary

There are good reasons why Rust is becoming increasingly popular. One key reason is the growing need for efficiency and risk minimisation. This is where using Rust offers a number of advantages, whether it’s for a heart pacemaker, an airbag or for online chat and videoconferencing applications. 

The main advantage Rust offers is that it is able to categorically put a stop to memory safety errors, so that post-release bugs are far rarer. Products written in C or C++ found to have memory safety errors are increasingly going to find themselves being unfavourably compared to Rust.

So how can you assess Rust’s potential for your business? 

  • If you’re a big C/C++ user, you should start by analysing the extent to which memory safety errors affect your development speed and the reliability of your applications. These errors usually make themselves felt as early as the implementation phase, in the form of an increased debugging workload.
  • If you develop lots of enterprise applications in Java, C# or Go, we recommend analysing your speed, latency and memory use requirements. The more important these factors are, the more attractive Rust is likely to be.

A pilot project is a good option for making an initial evaluation. This delivers valuable insights into the potential offered by Rust across your business. A sound business case ensures a good ROI.

We are happy to support you on your journey!