There is more good news on other fronts, even though most of the headlines about cyber security would make you think the news in the industry is always bad, much the way carnage and crime always lead the evening news. And yes, there is plenty of bad news, as we will note.
But some of the best news of the year you were unlikely to have noticed, which is why we’re calling it to your attention. In fact, it’s good news specifically because it resulted in things you didn’t notice—some unknown number of disaster headlines that didn’t have to be written.
In a couple of major areas, software got safer in 2022. That means while bad things will still happen, they won’t happen as much.
One way is the increased use of the programming language Rust in the Linux kernel, the main component of the free and open source Linux operating system. The Linux OS, which has been around for more than 30 years, had previously been written mainly in C, a low-level language that makes it easier and faster to write code and handle high-performance demands, but that is also notorious for security bugs.
Rust delivers the performance pleasure without nearly as much pain. Travis Biehn, technical strategist with the Synopsys Software Integrity Group, said Rust “is suitable as a high-performance systems programming language, and it also provides safety. Its introduction to operating system components like the Linux kernel means developers can start writing new projects in a safe, modern language. It’s the first step toward better security in Linux kernels. Hopefully Linux isn’t the last project to pursue them.”
Something similar is happening on the browser front, with Mozilla’s Firefox. Web browsers have traditionally been written in low-level languages like C to yield high performance, but they have suffered from the resulting plague of vulnerabilities.
“One really error-prone area of programming is writing parsers, video, and audio codecs,” Biehn said. “But Mozilla pioneered an approach with the community so that Firefox can wrap these routines in a special sandbox that prevents software bugs from compromising users’ machines. That’s a huge win, and a new way to use sandboxes to protect users.”