Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> If a language that claims to be security focused

Rust does not claim to be particularly security-focused, only memory safe.

Also, this means that you'd consider any expression-based language to be inherently a security problem.



"Memory safety" is an aspect of computer security. And security is the first listed value in rust's mission statement.

Rust is not written as a pure expression based language. And as we all know very well from the experience with C and JS, any unexpected and weird looking code has the potential to hide great harm. Allowing programmers to stray too much from expected idioms is dangerous.


It is an aspect, but it Rust does not promise your core is secure.

It’s not purely expression based but it is very close to it, there’s only a few kinds of statements, the vast majority of things are expressions.


I think you're looking at it a little backward. Or rather, with superset/subset confusion. Rust can say "we care about memory safety" without being security-focused. But Rust cannot say "we are security-focused" without also caring about memory safety.

Being security-focused requires you to care about a laundry list of things, including memory safety. But on its own, caring about memory safety just means... you care about memory safety.


We would need an example of puzzling code that can easily hide (security) bugs.

The submission shows weird program snippets. I don’t think it shows weird snippets that can also easily hide bugs?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: