this latest edition of "Android team posting nothing but Ws for adopting Rust" is super important because it identifies that:
*you don't have to actually rewrite all your old unsafe C/C++ code to get the benefits of adopting safe languages, in terms of reducing vulnerabilites*
because they identify that most bugs are in new/changed code (with exponential decay!), so if you preferentially write new code in a safe language, your vulnerabilities crater even though most of your code is still unsafe!
https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
@Gankra my professional opinion is that this is correct and you should RIIR mostly only if you need the code base to be safe on a shorter horizon than the half life of your bugs
@fay59 eh with this result you still need to riir any component that gets a lot of changes. but like any Haunted components no one touches? fuck it
@sasha@noraa.gay@Gankra I want to introduce Rust at work, but my company's products mostly run on a RTOS that Rust doesn't support.
@Gankra Rewriting the old code is also almost guaranteed to introduce new bugs, just not of the memory corruption kind.
@Gankra Ok but an even better way is to stop writing new code nobody asked for.
@Gankra is this because older code is going to be more stable and well tested so a lot of the vulnerabilities will have been removed already?
@eniko pretty much
@Gankra that makes a lot of sense