Google is funding rewrites of critical OSS projects in memory-safe languages ↦
Dan Lorenc, from Google’s Infrastructure Security Team:
Software written in unsafe languages often contains hard-to-catch bugs that can result in severe security vulnerabilities, and we take these issues seriously at Google. That’s why we’re expanding our collaboration with the Internet Security Research Group to support the reimplementation of critical open-source software in memory-safe languages.
Notice he said “expanding our collaboration”, which must mean they’ve been doing this for a bit, but I wasn’t aware of the effort? An uplifting trend, regardless. Work is well underway:
The new Rust-based HTTP and TLS backends for curl and now this new TLS library for Apache httpd are an important starting point in this overall effort. These codebases sit at the gateway to the internet and their security is critical in the protection of data for millions of users worldwide.
Discussion
Sign in or Join to comment or subscribe