Rust Will Reduce Data Breaches

TL;DR

• Software vulnerabilities result in data breaches, costing $3 trillion in 2019.
• The large majority of vulnerabilities are due to memory safety bugs.
• The Rust programming language makes creating memory safe software commercially viable.

Data Breaches

Nobody wants to be known for a data breach: Equifax, Capital One, Facebook, and many others made front-page news due to lost or stolen customer data. Last year over 1.4 billion financial or personal records were exposed [Statista.com]. The worldwide impact of data breaches is expected to be $5 trillion by 2024 [SC Media].

Building highly secure software is surprisingly difficult. “Impossible” may be more accurate. Companies dedicate very skilled personnel to keeping data secure, yet even highly respected internet companies like Amazon and Google have suffered substantial breaches of customer data. Microsoft spends over a billion dollars annually to improve the security of its products. The company reported ominous results in 2019 [Microsoft Security Research report] indicating the number of vulnerabilities continues to grow annually, and that 70% of vulnerabilities are due to a single root cause – lack of memory safety.

Memory safety is a very low-level concept regarding how software interacts with hardware, so an analogy may be helpful. Art galleries allow multiple people to view artwork at the same time. One day a hundred people are in the gallery, and some art is stolen. The gallery responds by limiting fifty people in the gallery, but art still goes missing, so the limit drops to twenty-five, to fifteen, etc. Unfortunately, none of the gallery’s attempts completely stops the theft. They are left with only one alternative: to abandon the unsafe approach of allowing multiple people in the gallery and adopting the safe approach of allowing only one person at a time. Memory safe programs are similar in that they change how memory can be used such that nefarious actors are tightly restricted.

The reality is that widely-used programming languages are not capable of producing memory safe programs. This fact arose naturally in the very beginning of writing software due to inherent memory limitations. And before the days of global connectivity, a user had to go to the computer in a building (a.k.a., physical security) to access its data. The world has been connecting computers over the internet for over 25 years, which means a lot of memory unsafe systems are accessible from anywhere in the world.

Rust's Advantage

Rust is just one of hundreds of programming languages. What impact will it have that others have not? Rust is the first programming language that:

a)    produces memory safe code, and

b)   is widely accepted by software developers

Both of these factors are necessary to reduce many of the vulnerabilities resulting in data breaches. Programming languages which fail to attract broad interest remain niche or academic. Similarly, many languages have large followings -- Java, C#, JavaScript, Go -- but offer little or no memory safety capabilities. Memory safe programming has been a niche field with little commercial viability.

Until now. The Rust programming language is specifically built for memory safety, and for the past four years developers have ranked it as their most loved language [StackOverflow annual survey].

Finally! Cost Effective Data Security

Companies have been struggling for decades to secure data, but the way software worked makes that goal continuously elusive. Efforts to keep data secure are increasingly costly, and breaches to security cost trillions of dollars. Data breaches continue, abated only by increasingly costly efforts to stop them. The two grow in tandem in a yearly cycle.

Rust is disrupting this cycle. By targeting the biggest source of software vulnerabilities, Rust is a tectonic shift for advancing data security. It disrupts cost escalation by attracting the people who write software. The Rust community and ecosystem are growing rapidly, creating a virtuous cycle of tools and components which dramatically reduce the cost barrier to producing memory safe software.

Enterprises interested in reducing the vulnerability of their data will be attracted to memory safe products. Software vendors are already touting the memory safety of their software, and gaining competitive advantage. Their customers will benefit from lower risk of data breaches, lower costs, and higher customer satisfaction and trust.