Rust on the Rise: New Advocacy Expected to Advance Adoption
Use of the Rust programming language has been on the rise but is only expected to continue to gather steam as more security-focused organizations call for Rust developers — affectionately known as Rustaceans — to use more memory-safe languages.
Most recently, this week the White House Office of the National Cyber Director (ONCD) issued a recommendation that software development organizations begin to use memory-safe languages such as Rust for application and systems development.
Regulatory Advocacy
Already some companies, including Microsoft and Google are looking to rewrite existing C, C++ and C# systems in Rust. Experts expect such efforts to increase.
Indeed, recent advocacy and research efforts from agencies like the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), National Institute of Standards and Technology (NIST), and ONCD “can serve as valuable evidence of the considerable risk memory-safety vulnerabilities pose to our digital ecosystem,” the Rust Foundation‘s Executive Director & CEO, Rebecca Rumbul, told The New Stack.
Moreover, Rumbul said The Rust Foundation believes that the Rust programming language is the most powerful tool available to address critical infrastructure security gaps. “As an organization, we are steadfast in our commitment to further strengthening the security of Rust through programs like our Security Initiative,” she said.
Meanwhile, looking specifically at software development for space systems, the ONCD report says: both memory-safe and memory-unsafe programming languages meet the organization’s requirements for developing space systems. “At this time, the most widely used languages that meet all three properties are C and C++, which are not memory-safe programming languages, the report said. “Rust, one example of a memory-safe programming language, has the three requisite properties above, but has not yet been proven in space systems.”
According to the ONCD report, the three requirements for a language for building space systems are: “First, the language must allow the code to be close to the kernel so that it can tightly interact with both software and hardware; second, the language must support determinism so the timing of the outputs is consistent; and third, the language must not have — or be able to override — the ‘garbage collector,’ a function that automatically reclaims memory allocated by the computer program that is no longer in use.”
2023 Annual Rust Survey
The 2023 Annual Rust Survey results, released last week, showed a continued upward year-over-year trend of Rust usage at work. Thirty-four percent of 2023 survey respondents said they use Rust in the majority of their coding at work — an increase of five percentage points from 2022. Of this group, 39% said they work for organizations that make non-trivial use of Rust.
The top reason survey respondents’ employers invested in Rust was the ability to build relatively correct and bug-free software at 86% — up from 82% in 2022. The second most popular reason was Rust’s performance characteristics at 83%.
In terms of technology domains, the study indicated that Rust is especially popular for creating server backends, web and networking services and cloud technologies.
The Rust survey said Rust programmers target a diverse set of platforms with their Rust programs, even though the most popular target by far is still a Linux machine. Yet, “We can see a slight uptick in users targeting WebAssembly, embedded and mobile platforms, which speaks to the versatility of Rust,” the survey blog post by the Rust team said.
However. Rust cannot continue delivering widespread safety and security benefits at scale without expansion to its global user base, Rumbul told The New Stack. “As such, I find several data points of the recent State of Rust survey encouraging. Namely, the apparent uptick in Rust expertise worldwide and the growing adoption of Rust within professional settings.”
Moreover, Rumbul noted that while many of the year-on-year changes depicted in the 2023 State of Rust Survey are “heartening,” they are also incremental; and the Foundation expects to see more substantial growth in these areas over time.
Will Regulatory Advocacy Help?
“Rust has been on a steady rise in terms of popularity for enterprise automation since its inception in 2006,” said Holger Mueller, an analyst at Constellation Research. “It keeps steadily climbing for the ranks of developer popularity and it may well be that the high memory safety that is inherent to the language will aid its popularity from regulatory perspective. But that is never a good reason to rely on to make software languages popular, so it’s much more important that Rust keeps gaining more developers based on its merits, and it has plenty of them — like being a language that contributes to the development of the Linux kernel.”
Eric Newcomer, CTO and analyst at Intellyx, expects the call-out from the government to help drive further Rust adoption.
“The White House endorsement is going to add fuel to the fire, so to speak,” Newcomer told The New Stack. “Rust is already gaining momentum as a safer alternative to C and C++. Rust provides the same level of access to operating system resources as C and C++ but does so safely. Government recognition of this will definitely speed up adoption.”
Mark Russinovich, Microsoft’s Azure CTO, who has been vocal about the software and service giant further adopting Rust, this week posted on X (formerly Twitter) that “The White House says it’s time to stop new projects in C/C++.”
In addition, Russinovich likened reluctant-to-change C and C++ developers to tree huggers.
In a separate X post, he said: “There are vocal C/C++-huggers out there. I don’t understand their resistance to switching to memory-safe languages (legacy aside). With great care, an expert can write secure C/C++, but memory-safe languages make it hard or impossible for anyone to make memory-safety mistakes.”
More Survey Analysis
Other results of the Rust survey indicated a desire for a limited amount of Rust-centric jobs, noted Lawrence E. Hecht, an IT data analyst and consultant who manages research projects for The New Stack, as only 9% of respondents said they believe it is easy for qualified candidates to find jobs that use Rust for the majority of programming. While 27% do think existing jobs are attractive, perhaps that would be even higher if Rust becomes the primary language for many developers.
As proof that Rust has attracted new users, 48% of respondents started to learn to program in Rust in 2021 or later.
The survey also showed initial success for RustRover by JetBrains. After being released in 2023, 16% of respondents said they use RustRover, a dedicated IntelliJ Rust IDE. Since 20% of respondents in the previous study were using some type of JetBrains IDE or Rust-plugin, we can assume that a large portion of those switched over.
Hecht also detected an increased anxiety about Rust’s future from the 2023 survey as only 18% have no worries about Rust’s future, down significantly from 30% in 2022. The top future concern, cited by 43%, is that Rust becomes too complex. Twenty-eight percent are also worried that project governance doesn’t scale to meet the community’s size/requirements.
“The Rust community continues to experience growing pains,” Hecht said. “Last year, the Rust Foundation’s executive director worried about burnout and the ability to keep up with a growing user base. Concerns over project governance’s ability to scale appear to have been justified.”
Rustacean Needs, Wants and Desires
Respondents to the survey also identified troublesome features as well as features they’d like to see added or enhanced in the language.
Of the features that Rust users want to be implemented, stabilized or improved, the most desired improvements are in the areas of traits (trait aliases, associated type defaults, etc.), const execution (generic const expressions, const trait methods, etc.) and async (async closures, coroutines).
The areas of Rust that Rustaceans seem to struggle with the most are asynchronous Rust, the traits and generics system and also the borrow checker.
And features that Rustaceans want Rust maintainers to mainly prioritize fixing compiler bugs (68%), improving the runtime performance of Rust programs (57%) and also improving compile times (45%).
The Rust Foundation’s Rumbul told The New Stack she believes the maintainers of Rust have done “an excellent job” of not only building a powerful programming language but also developing a helpful way of measuring the current state of Rust through their survey.
“The Rust Foundation’s role is to engage with and support various segments of the global Rust community, including enterprise users,” she said. “Together with these groups, we will fortify Rust’s position as a cornerstone of digital security.”
