
By [Your Name], Senior Journalist and Editor

Google’s commitment to memory-safe software development has yielded remarkable results, significantly reducing the number of memory safety vulnerabilities in the Android operating system. In a recent report, Google revealed that the proportion of Android vulnerabilities caused by memory safety issues has plummeted from 76% in 2019 to an estimated 24% by the end of 2024, well below the industry standard of 70%. This dramatic improvement in Android’s code risk profile is attributed to the adoption of Safe Coding practices, a set of software development techniques designed to prevent vulnerabilities through the use of memory-safe programming languages (including Rust), static analysis, and API design.

The shift to Safe Coding by previous generations can be quantified by the assertions that can be made when developing code, said Jeff Vander Stoep, Android security team member, and Alex Rebert, Google Senior Software Engineer. Safe Coding allows us to make strong assertions about the properties of code and what can or cannot happen based on those properties, rather than focusing on the interventions that are applied (like mitigations and fuzzing), or trying to predict future security based on past performance.

Rust: A Game Changer

A key component of Safe Coding is the development of software using memory-safe programming languages like C#, Go, Java, Python, Swift, and Rust. Memory safety vulnerabilities, such as buffer overflows, are responsible for a significant portion of serious security flaws in large codebases. This realization has spurred a widespread push in both the public and private sectors to reduce the occurrence of memory safety vulnerabilities.

The international memory safety movement has led to increased adoption of Rust for development in Android and other projects, offering memory safety without compromising performance in most cases. The benefits extend beyond security, boosting developer efficiency as well.

Safe Coding shifts the defect finding work further left, even before code is submitted, leading to more correct code and more efficient developers, said Vander Stoep and Rebert. We see this shift reflected in important metrics like rollback rates (emergency rollbacks of code due to unexpected errors). The Android team has observed that Rust changes have a rollback rate less than half that of C++.

A Legacy of Legacy Code

For businesses with a large amount of legacy code, the good news is that rewriting old code in a new language may not be necessary. Google’s approach emphasizes the use of Rust alongside existing codebases, allowing for a gradual transition to safer practices.

The Future of Secure Software Development

The success of Google’s Safe Coding initiative demonstrates the transformative power of embracing memory-safe programming languages and practices. As the industry continues to evolve, we can expect to see even more innovation in this area, leading to a future where software development is not only more efficient but also inherently more secure.


