Google promotes memory safety tools for open source software

Google has launched an initiative to address problems in open source software caused by unsafe memory handling. According to Google, 70% of security issues in Chromium are caused by memory bugs, such as accessing a buffer after it has been freed (use-after-free). A Microsoft study also concluded that 70% of all vulnerabilities addressed in the software updates it examined were due to unsafe memory handling. Another study showed that 53 of the 95 vulnerabilities identified in the curl utility could have been avoided if the code had been written in a memory-safe language.

Cited as examples of the first initiatives funded by Google and carried out together with the ISRG (Internet Security Research Group) are an alternative HTTP backend for the curl utility and a new TLS module for the Apache HTTP server. Both projects are implemented in Rust, a language that focuses on safe memory handling and provides automatic memory management. Used properly (with no unsafe pointer operations in unsafe mode), it protects against problems such as accessing memory after it has been freed, null pointer dereferences and buffer overflows.

Source: opennet.ru
