I continued reading through the Rust book today and got to the crux of the matter: ownership. From the book:

Ownership is Rust’s most unique feature and has deep implications for the rest of the language. It enables Rust to make memory safety guarantees without needing a garbage collector

What does this mean? It turns out memory errors account for the most common and severe computer bugs. Languages like C and C++ are considered ‘memory-unsafe’, while Rust aims to prevent memory errors with its unique ownership concept.

In 2023, the Cybersecurity and Infrastructure Security Agency (CISA) detailed “The Urgent Need for Memory Safety in Software Products”:

Microsoft reported that “~70% of the vulnerabilities Microsoft assigns a CVE [Common Vulnerability and Exposure] each year continue to be memory safety issues.” Google likewise reported that “the Chromium project finds that around 70% of our serious security bugs are memory safety problems.” Mozilla reports that in an analysis of security vulnerabilities, that “of the 34 critical/high bugs, 32 were memory-related.”… In what other industry would the market tolerate such well-understood and severe dangers for users of products for decades?

In 2024 the government urged companies to drop memory-unsafe languages in favor of memory-safe alternatives. Among those, CISA specifically named Rust:

In 2006, a software engineer at Mozilla began working on a new programming language called Rust. Rust version 1.0 was officially announced in 2015. Since then, several prominent software organizations have started to use it in their systems, including Amazon, Facebook, Google, Microsoft, Mozilla, and many others. It is also supported in the development of the Linux kernel.

These memory errors have a huge financial and human toll. Considering all of the devices running memory-unsafe code, the impact of a memory-safe language like Rust cannot be overstated. In an interesting article detailing the history of Rust, this anecdote shows its advantage over other memory-safe languages:

a study of Rust-based code found it runs so efficiently that it uses half as much electricity as a similar program written in Java

A safer alternative that is just as performant, what’s the catch? Developers have to learn Rust’s ownership concept, which I read through today. It definitely will take some getting used to as a former PHP developer. I’ll need to know whether variables are stored on the stack or the heap and write code accordingly. Once heap variables go out of scope, they are automatically dropped from memory. More to think about for me especially at first, but in the long run I’ll be writing safer and more efficient code.

I’ll continue reading through references tomorrow and getting the hang of these unique concepts. Getting closer to writing some actual code!