Very little --- I'll go ahead and say, to a first approximation, *none* --- of t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on Nov 23, 2022 \| parent \| context \| favorite \| on: Using Rust at a startup: A cautionary tale Very little --- I'll go ahead and say, to a first approximation, none --- of that safety has anything to do with software security. The same kinds of bugs that hit Java programs hit Rust programs, with maybe the sole exception of deserialization (which has nothing to do with error handling or type safety). That matters because that's the kind of "safety" we're talking about when we discuss externalities for end-users --- not servers that need extra monitoring because they might crash.

bryanlarsen on Nov 23, 2022 [–]

Ignoring error codes and left-pad style issues are common sources of security issues.

Java is more left-pad resistant than Typescript, granted.

tptacek on Nov 23, 2022 | [–]

No. Rust doesn't do anything interesting to avoid supply-chain attacks.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact