Top Highlights
-
Rust Outperforming C/C++: Rust is gaining traction over C and C++ due to its memory safety, resulting in up to 1,000 times fewer bugs and improved code stability, according to Google’s insights.
-
Enhanced Efficiency: Development metrics demonstrate a 25% reduction in code review time and lower rollback rates for Rust implementations compared to C++, indicating higher code quality and efficiency.
-
Strategic Adoption: Companies like Google and Microsoft are transitioning to Rust incrementally, integrating it into specific high-risk areas rather than complete system rewrites, maximizing existing investments in legacy code.
-
Beyond Memory Safety: While Rust significantly reduces memory-related issues, experts emphasize that it doesn’t solve all security vulnerabilities, necessitating ongoing testing and strategic implementation.
[gptAs a technology journalist, write a short news story divided in two subheadings, at 12th grade reading level about ‘Rust Code Delivers Security, Streamlines DevOps’in short sentences using transition words, in an informative and explanatory tone, from the perspective of an insightful Tech News Editor, ensure clarity, consistency, and accessibility. Use concise, factual language and avoid jargon that may confuse readers. Maintain a neutral yet engaging tone to provide balanced perspectives on practicality, possible widespread adoption, and contribution to the human journey. Avoid passive voice. The article should provide relatable insights based on the following information ‘
The Rust programming language continues to tally up wins against the venerable, yet still very popular, C and C++ languages.
While technology firms and the US government have pushed software developers to adopt memory-safe languages to eliminate a preventable class of flaws, Rust code not only improves security but requires less time for code review and produces more stable fixes, according to data just released by Google’s Android development team.
Programmers saw about 1,000 times fewer bugs when using Rust compared to C++, but also faster throughput in the DevOps pipeline and better stability in the resulting code, Google stated in an analysis of its 2025 development using Rust. The improved pipeline metrics were a surprise, says Jeffrey Vander Stoep, a software engineer for Google’s Android, adding that companies can gain significant benefits from strategically replacing portions of C and C++ code with interoperable Rust code.
“Based on what we’ve learned, it’s become clear that we do not need to throw away or rewrite all our existing memory-unsafe code,” he said, citing previous research. “Interoperability offers a practical and incremental approach to adopting memory safe languages, allowing organizations to leverage existing investments in code and systems, while accelerating the development of new features.”
The company has updated the Android Linux kernel to support Rust, which now ships with the first production driver written in Rust. Google also replaced the parsers for specific file types, such as PNG and JSON, with Rust implementations.
Increasing Momentum
Google is not the only company embracing Rust for its security benefits. In July, Microsoft published an update on its adoption of the programming language for developing Windows drivers for its Surface laptops and tablets. The company cited Rust’s memory safety, concurrency safety, compile-time guarantees, and its interoperability with C and C++ code using the Foreign Function Interface (FFI) as reasons that shifting development made sense.
In September, Internet delivery and services firm Cloudflare announced that it had rebuilt the core of its network — previously known as FL — using Rust and Oyx, its Rust-based proxy server. The new FL2 framework has more than 130 modules, but Cloudflare is able to deploy a new feature within 48 hours and now has the ability to fallback if something fails. Overall, the company says it saw a 25% performance boost from the change to Rust-based infrastructure.
The trajectory of Rust’s use in these companies matches what the Rust Foundation has seen across its members, says Rebecca Rumbul, its executive director and CEO.
“Most organizations begin pragmatically, introducing Rust in high-risk or performance-critical components, not rewriting entire systems,” she says. “That targeted approach lets them realize security and reliability benefits without disruption. But over time, those Rust ‘islands’ grow. Success in one area tends to inspire expansion into others.”
Not Just About Memory Safety
While Cloudflare found that its proxy server infrastructure built with Rust improved performance, little data has been published on how using Rust can slow or speed the developer pipeline. According to Google’s 2025 data, the median time for review a medium or large change to a codebase written in Rust was 25% less than a similar change in C++. In addition, the rollback rate — an inverse measure of the quality of the code checked in by developers — continued to be much lower than C++, indicating that Rust changes were of higher quality.
The two measures of throughput and stability means that developers can be more efficient in their work, says Google’s Vander Stoep.
“While memory safety is important and a primary motivation for adopting Rust, we think the productivity gains from Rust are likely attributed to many things beyond memory safety,” he says.
It’s a trend that the Rust Foundation has noted as well, says Rumbul. Members consistently say Rust improves reliability and maintenance ability, she says.
“With the flattening of the learning curve, the payoffs are fewer fires to put out and faster, more confident development,” she says.
Just One Class of Bug
Memory-safe languages such as Rust, Kotlin, Java, and .NET are effective in reducing memory-safety issues, which accounted for about 70% of all issues in Microsoft software as of 2018, prior to the company embarking on rewriting key drivers and code in Rust. In 2025, memory-safety issues account for about 21% of the nearly 33,000 vulnerabilities published with a Common Weakness Enumeration (CWE) category, according to statistics from CVE.icu.
Yet, while companies should focus on adopting such languages, application-security experts stress that the resulting code can still be prone to other types of vulnerabilities. Switching to Rust and similar programming languages is not a silver bullet for security, says Tim Jarrett, vice president of product management at Veracode, an application-security firm. Developers need to continue to build in tests for other classes of vulnerabilities.
In its latest research, Veracode found that about 35% of all Java applications and 60% of all .NET applications, which are both memory safe, still have security debt in the form of at least one flaw that has been unfixed for more than a year,
“Using memory-safe languages eliminates one important category of application security risk — buffer errors, [such as] overflows — that allow an attacker to get the host machine to run arbitrary code,” Jarrett says. “However, memory-safety doesn’t eliminate injection vulnerabilities, crypto problems, authorization issues, issues based on failure to check error conditions — all of which are perfectly possible in memory-safe languages.”
In addition, companies need to be strategic in how they approach shifting to Rust and other memory-safe languages — rewriting from the ground up is usually not necessary, says Google’s Vander Stoep.
‘. Do not end the article by saying In Conclusion or In Summary. Do not include names or provide a placeholder of authors or source. Make Sure the subheadings are in between html tags of
[/gpt3]
Stay Ahead with the Latest Tech Trends
Explore the future of technology with our detailed insights on Artificial Intelligence.
Access comprehensive resources on technology by visiting Wikipedia.
CyberRisk-V1
