The simplest way to avoid C-language code traps is to avoid writing C.
The Internet Security Research Group (ISRG), the parent organisation of the better-known Let's Encrypt project, has awarded Miguel Ojeda a one-year contract to work full-time on Rust in Linux and other security projects.
What exactly is Rust for Linux?
Rust is a low-level programming language that provides most of the flexibility and performance of C, which has been used for kernels in Unix and Unix-like operating systems since the 1970s, but in a more secure manner.
At the 2020 Linux Plumbers conference, efforts to make Rust a viable language for Linux kernel development began, with Linus Torvalds himself endorsing the concept. Torvalds explicitly requested that the Rust compiler be included in the default kernel build environment to assist such efforts—not to replace the Linux kernel's whole source code with Rust-developed counterparts, but to allow for suitable new development.
Using Rust for new kernel code, which might include new device drivers or possibly the replacement of GNU Coreutils, could reduce the number of problems in the kernel. Rust simply won't let a developer leak memory or introduce the risk of buffer overflows, both of which are common drivers of performance and security problems in sophisticated C-language programs.
Google, the ISRG, and Ojeda
The Internet Security Research Group's new contract provides Ojeda with a full-time salary to continue the memory security work he was already performing part-time. ISRG Executive Director Josh Aas says the group has collaborated extensively with Google engineer Dan Lorenc, and that Google's financial assistance is crucial to Ojeda's continued work.
"Large efforts to eliminate entire classes of security issues are the best investments at scale," Lorenc said, adding that Google is "thrilled to [help] the ISRG support Miguel Ojeda's work dedicated to improving the memory safety of the kernel for everyone."
