It's pretty neat that the Android team publishes stats like this:

"This near-miss inevitably raises the question: 'If Rust can have memory safety vulnerabilities, then what’s the point?'

"The point is that the density is drastically lower. So much lower that it represents a major shift in security posture. Based on our near-miss, we can make a conservative estimate. With roughly 5 million lines of Rust in the Android platform and one potential memory safety vulnerability found (and fixed pre-release), our estimated vulnerability density for Rust is 0.2 vuln per 1 million lines (MLOC).

"Our historical data for C and C++ shows a density of closer to 1,000 memory safety vulnerabilities per MLOC. Our Rust code is currently tracking at a density orders of magnitude lower: a more than 1000x reduction."

security.googleblog.com/2025/1
