Comment by Ygg2

1 day ago

It removes a class of security vulnerabilities, modulo any unsound unsafe (in compiler, std/core and added dependency).

In practice you see several orders of magnitude fewer segfaults (like in Google Android CVE). You can compare Deno and Bun issue trackers for segfaults to see it in action.

As mentioned a billion times, seatbelts don't prevent death, but they do reduce the likelihood of dying in a traffic accident. Unsafe isn't a magic bullet, but it's a decent caliber round.

“by removing the nastiest class of security vulnerabilities” and “reduce the likelihood” don’t seem to be in the same neighborhood.

  • If you are reducing the likelihood of something by 99%, you are basically eliminating it. Not fully, but it’s still a huge improvement.

    It reminds me of this fun question:

    What’s the difference between a million dollars and a billion dollars? A billion dollars.

    A million dollars is a lot of money to most people, but it’s effectively nothing compared to a billion dollars.

  • In theory they are the same statement; in practice there is a 0.01% chance someone wrote unsound code.

  • Dividing their number by 1000[1] is technically the latter, but in practice it's pretty much the former.

    [1]: this is the order of magnitude presented in the recent Android blog post: https://security.googleblog.com/2025/11/rust-in-android-move...

    > Our historical data for C and C++ shows a density of closer to 1,000 memory safety vulnerabilities per MLOC. Our Rust code is currently tracking at a density orders of magnitude lower: a more than 1000x reduction.