NIST Adds Rust to List of Secure Programming Languages

NIST includes Rust in the list of safer programming languages

Rust has been added to the Safer Language list of the US National Institute of Standards and Technology (NIST). This list focuses on safer programming languages for software quality assurance and prevention of vulnerabilities. The listing emphasizes Rust’s ownership concept, which prevents typical memory errors that occur in C or C++. The language’s three ownership rules are: every value has an owner, only one owner exists at a time, and the value is dropped when the owner is no longer in the execution context. Required memory is reserved when the variable is initialized, and unsafe operations must be explicitly marked as such. The Rust Foundation blog provides more details.

The Safer Language list includes seven recommendations, including SPARK from AdaCore and additions and tools for C or C++ that prevent insecure memory access, buffer overflows, and other vulnerabilities. The coding standards of the Computer Emergency Response Team (CERT) can also be found on the list.

Rust’s ownership model sets strict rules that prevent memory errors. This approach requires a different way of assigning values than in other programming languages, for example cloning a value, which takes up more memory. Rust allows unsafe operations, but they must be explicitly marked as unsafe. Unsafe Rust should be the exception in development, and it permits only a limited set of unsafe actions.
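The ownership rules, the memory cost of cloning, and the explicit unsafe marker described above can be observed in a short program. This is an added example, not code from NIST or the Rust Foundation; the Buffer type and the function names are hypothetical and chosen for illustration.

```rust
use std::cell::RefCell;
use std::rc::Rc;

type Log = Rc<RefCell<Vec<String>>>;

// Hypothetical type for illustration: records the moment it is dropped.
struct Buffer { name: String, data: Vec<u8>, log: Log }

impl Drop for Buffer {
    // Rule 3: runs automatically when the owner leaves the execution context.
    fn drop(&mut self) {
        self.log.borrow_mut().push(format!("drop {}", self.name));
    }
}

// Takes ownership of `b`; the buffer is freed when this function returns.
fn consume(b: Buffer) -> usize {
    b.data.len()
}

pub fn ownership_events() -> Vec<String> {
    let log: Log = Rc::new(RefCell::new(Vec::new()));
    {
        // Rule 1: the variable `a` owns this value and its heap memory.
        let a = Buffer { name: "a".into(), data: vec![1, 2, 3], log: log.clone() };
        // Cloning creates a second heap allocation with its own owner.
        let copy = Buffer { name: "copy".into(), data: a.data.clone(), log: log.clone() };
        let separate = a.data.as_ptr() != copy.data.as_ptr();
        log.borrow_mut().push(format!("separate allocations: {}", separate));
        // Rule 2: the call moves `a`. Using `a` after this line is rejected
        // at compile time (error E0382) instead of becoming a use-after-free.
        let n = consume(a);
        log.borrow_mut().push(format!("consumed {} bytes", n));
        // Dereferencing a raw pointer only compiles inside an `unsafe` block.
        let first = unsafe { *copy.data.as_ptr() };
        log.borrow_mut().push(format!("first byte {}", first));
    } // `copy` goes out of scope and is dropped here
    let events = log.borrow().clone();
    events
}

fn main() {
    for event in ownership_events() {
        println!("{}", event);
    }
}
```

The recorded order shows that the moved buffer is freed inside consume(), before the caller continues, while the clone lives until the end of its own scope.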
