Comment by kibwen
1 year ago
As someone who also works in cybersecurity, we use Rust extensively and are sunsetting all of our C code. We use third-party dependencies judiciously and never deploy anything without auditing it. It's great that Rust facilitates this convenient ecosystem, and it's to Rust's benefit, not Rust's detriment, that the ecosystem exists.
Many orgs want to save costs while using open software. In a world after the xz incident they are now in a very difficult place. It is all about whom one trusts. As someone who works in such a cost-aware business as gamedev, I think Rust has a unique chance to capture the trust market. If major Rust organization sponsors donate information about even a fraction of what they have audited, that can create a safe haven for smaller orgs and startups. Even large orgs that have a history of audits going back decades and a long list of C/C++/C#/Java projects they trust might buy in, because it is not reasonable to expect that they can keep up with every open project's updates.
> We use third-party dependencies judiciously and never deploy anything without auditing it.
This is how I think it should be of course. Like I said, I'm not against the use of third-party code or dependencies, I'm against using them without performing any audit of that code.