✧✦Catherine✦✧Nov 14

android's data for rust adoption shows that rust code has ~5000 times fewer memory safety vulnerabilities per MLOC. that's a lot more than i expected, actually! https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

(you might say that you're better than google's devs, but are you *five thousand times* better? i'd be skeptical.)

Rust in Android: move fast and fix things

Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...

Google Online Security Blog
Show threadJoseph Garvin
@whitequark Clearly the data is distorted by the outlier Bob, who has 100 vulns per line
Nov 14 at 10:30pmWeb
Show thread✧✦Catherine✦✧Nov 14
@joseph_garvin this would be an amazing code golf goal: fit 100 vulns in a nornal, 120 column line of code. I'd love to see someone try
Show threadAdvanced Persistent TeapotNov 14
@whitequark @joseph_garvin first rule: using perl for this is cheating
Show threadZoe : Void -> aNov 14
@whitequark @joseph_garvin my first thought is: eval(askChatGPT("code for one website please")
Show threadBilly O'NealNov 14
@whitequark Does the same code in a header resulting in slightly different real exploits by giving attackers a Write-What-Where gadget count?
Show thread✧✦Catherine✦✧Nov 14
@malwareminigun can you rephrase?
Show threadBilly O'NealNov 15
@whitequark Imagine there's an inline function in a header, that has a bug leading to the aforementioned WWW. That header is # included by a hundred other components. Since each component is different, the practical impact of that WWW will be different. But all hundred components need to re-built and re-shipped to fix it
Show thread✧✦Catherine✦✧Nov 15
@malwareminigun clever, i'll allow it this once
Show threadBilly O'NealNov 15
@whitequark (Though I guess I'm not sure how realistic a 1 line WWW is)
Show threadarclightNov 15
@joseph_garvin @whitequark I AM SMARTY WIZARD 5000X PROGRAMMER!