> The point is that memory issues are a smallish number of issue compared to the larger ecosystem of vulnerabilities
replyIf memory safety issues are 75% of exploited zero days it sounds to me like they're the biggest issue in the ecosystem by far.
Perhaps. But what percentage of exploits are actually zero days versus, say, 10 days or 100 days?
replyMost exploited code probably exists in the application layer in a high-level, memory safe language. I would wager that but I don’t have time to cite ten papers on HN.
Rust and Ada are about equally safe, both have advantages and disadvantages. Perhaps you're thinking about SPARK ADA, but that's a different kettle of fish.
replyIt's a bit like saying you should program in C, because formal verification tool X generates C code hence C is safe.
Rust and non-SPARK Ada are not equally safe. Ada is unsafe in the presence of data races, and also has runtime checks that slow it down, or you disable them and then it's even less safe.
replyYeah SPARK ADA is what I meant :)
replyI think formal verification is the way to go with AI moving forward.
Rust is a beautiful language. Gorgeous.
reply