But also, only 30% of breaches are caused by memory errors. That’s because most CVEs related to memory errors don’t result in as many real life breaches as non memory error related ones. Presumably because this class of vulnerabilities is harder to exploit than ones due to logic errors.
So assuming you could reduce the number of memory error related exploits to zero by avoiding c++, you’d only reduce exploits by 30%. That’s still a great result but not anything like the 70% implied here.
Yes, right. We could completely erase one third of exploitable vulnerabilities (by your numbers) only by switching to modern languages.
There is no good argument against that. Why wait for C or C++ to try and implement get another weird “solution” for those problems? (That no one uses then anyway)
Strawman argument. I’m not suggesting any of those things you made up.
I’m just saying that you can’t claim a program’s “memory safe” when it’s not. If a Rust program has zero unsafe blocks and uses zero unsafe libraries you can say it’s memory safe. Otherwise it’s not.
But also, only 30% of breaches are caused by memory errors. That’s because most CVEs related to memory errors don’t result in as many real life breaches as non memory error related ones. Presumably because this class of vulnerabilities is harder to exploit than ones due to logic errors.
So assuming you could reduce the number of memory error related exploits to zero by avoiding c++, you’d only reduce exploits by 30%. That’s still a great result but not anything like the 70% implied here.
Yes, right. We could completely erase one third of exploitable vulnerabilities (by your numbers) only by switching to modern languages.
There is no good argument against that. Why wait for C or C++ to try and implement get another weird “solution” for those problems? (That no one uses then anyway)
Strawman argument. I’m not suggesting any of those things you made up.
I’m just saying that you can’t claim a program’s “memory safe” when it’s not. If a Rust program has zero unsafe blocks and uses zero unsafe libraries you can say it’s memory safe. Otherwise it’s not.