Eliminating Memory Safety Vulnerabilities at the Source (Google Security Blog)
Here's a post on the Google Security Blog on how switching to a memory-safe language can quickly reduce vulnerabilities in a project, even if a large body of older code persists.
This leads to two important takeaways:
- The problem is overwhelmingly with new code, necessitating a fundamental change in how we develop code.
- Code matures and gets safer with time, exponentially, making the returns on investments like rewrites diminish over time as code gets older.
For example, based on the average vulnerability lifetimes, 5-year-old code has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes observed in Android and Chromium) lower vulnerability density than new code.
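To make the two takeaways concrete, here is an added toy model (mine, not the post's data or code). It assumes a fixed amount of code is written every year and that a cohort's vulnerability density decays geometrically with age, calibrated so that 5-year-old code is 3.4x less dense than new code, the lower of the two ratios quoted above; everything else follows from that assumption.

```python
import math
from typing import List, Optional

# Assumption (not from the post): the relative memory-safety vulnerability
# density of a code cohort of age `a` years is r**a, with r chosen so that
# 5-year-old code is RATIO_AT_5_YEARS times less dense than brand-new code.
RATIO_AT_5_YEARS = 3.4
DECAY_PER_YEAR = RATIO_AT_5_YEARS ** (-1 / 5)   # r, about 0.78


def density(age_years: int, r: float = DECAY_PER_YEAR) -> float:
    """Relative vulnerability density of code that is `age_years` old (new code = 1.0)."""
    return r ** age_years


def simulate(years: int, switch_year: Optional[int] = None,
             r: float = DECAY_PER_YEAR) -> List[float]:
    """Live vulnerabilities at the end of each year for a codebase that adds
    one cohort per year. Cohorts written from `switch_year` on are in a
    memory-safe language and contribute nothing; older cohorts are kept
    as-is, never rewritten."""
    totals = []
    for year in range(years):
        live = 0.0
        for written in range(year + 1):
            if switch_year is None or written < switch_year:
                live += density(year - written, r)
        totals.append(live)
    return totals


def share_in_code_younger_than(n_years: int, r: float = DECAY_PER_YEAR) -> float:
    """In a mature (steady-state) codebase, the fraction of live vulnerabilities
    sitting in code less than `n_years` old. Geometric series: 1 - r**n."""
    return 1 - r ** n_years


def reduction_after_switch(years_since_switch: int, r: float = DECAY_PER_YEAR) -> float:
    """Factor by which live vulnerabilities fall `years_since_switch` years after
    all new code becomes memory-safe, relative to the steady state before."""
    return r ** -years_since_switch


if __name__ == "__main__":
    print(f"code under 5 years old holds {share_in_code_younger_than(5):.0%} of vulnerabilities")
    print(f"{reduction_after_switch(5):.1f}x fewer vulnerabilities 5 years after the switch")
    baseline = simulate(40)                   # unsafe language throughout
    switched = simulate(40, switch_year=30)   # memory-safe for new code from year 30
    for year in (29, 31, 34, 39):
        print(f"year {year}: {baseline[year]:.2f} -> {switched[year]:.2f}")
```

Under this model the share of vulnerabilities in code under 5 years old is 1 - 1/3.4, about 71% (86% with the 7.4x ratio), and five years after the switch the live count is down by the same 3.4x even though no old code was touched.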