CYBER 2023, The Eighth International Conference on Cyber-Technologies and Cyber-Systems
Authors:
Tiago Espinha Gasiba
Sathwik Amburi
Keywords: Cybersecurity; Software development; Industry; Software; Vulnerabilities.
Abstract:
Since the Rust programming language was accepted into the Linux kernel, it has gained significant attention from the software developer community and the industry. Rust has been developed to address many traditional software problems, such as memory safety and concurrency. Consequently, software written in Rust is expected to have fewer vulnerabilities and be more secure. However, a systematic analysis of the security of software developed in Rust is still missing. The present work aims to close this gap by analyzing how Rust deals with typical software vulnerabilities. We also compare Rust to C, C++, and Java, three widely used programming languages in the industry, regarding potential software vulnerabilities. Our results are based on a literature review, interviews with industrial cybersecurity experts, and an analysis of existing static code analysis tools. We conclude that, while Rust improves the status quo compared to the other programming languages, writing vulnerable software in Rust is still possible. Our research contributes to academia by enhancing the existing knowledge of software vulnerabilities. Furthermore, industrial practitioners can benefit from this study when evaluating the use of different programming languages in their projects.
Pages: 19 to 26
Copyright: Copyright (c) IARIA, 2023
Publication date: September 25, 2023
Published in: conference
ISSN: 2519-8599
ISBN: 978-1-68558-113-8
Location: Porto, Portugal
Dates: from September 25, 2023 to September 29, 2023