Q&A on the Rust Foundation’s new Safety-Critical Rust Consortium


Last month, the Rust Foundation announced the Safety-Critical Rust Consortium, a new group dedicated to advancing the use of Rust in safety-critical software, which is software that can severely impact human life or cause damage if it fails. 

To talk more about the new group, Bec Rumbul, executive director and CEO of the Rust Foundation, joined us on the most recent episode of our podcast, What the Dev? 

Here is an edited and abridged version of that conversation:

Jenna Barron, news editor of SD Times: Can you tell me about this new consortium and why it was created?

Bec Rumbul: Rust is a relatively young programming language compared to a lot of them out there, but it’s a language that has enormous potential; it has really great memory safety features, performance, it has an awful lot of great stuff to recommend it. So there’s a lot of people out there that are kind of Rust curious at the moment. They’re looking at it as a language that can smooth off some of those rough edges or plug some of those potential vulnerabilities that you might see in other languages, or indeed, improve performance.

Memory safety is obviously a huge one. And it’s something that governments around the world as well as the tech giants are getting really serious about, especially because of supply chain security. 

So we wanted to make sure as the Rust Foundation that we’re advocating for the language, that we’re providing whatever we possibly can to all of those people in the world that are interested in using the tools, the libraries, the support, whatever they need in order to be able to use Rust successfully in their chosen businesses. Safety critical is a group of industries that have really seen the potential of Rust, and those are industries that have gotten really interested very early on. We have members from those industries, and what we’ve heard from them is that they really need a bit extra in order to use Rust successfully in their businesses and in their products. 

And we felt this was a really good place for the foundation to provide some kind of support and facilitation, to try and plug whatever gaps might exist or to improve and iterate on what’s already there so that people can take this and run with it and have confidence in it. 

So yeah, after quite a lot of these conversations over the last couple of years, we’ve decided to try and formulate that a little bit more, try and provide a safe space for people in industry to sit around a table and talk frankly about what they need, where they feel that there are gaps in the system, or identify things that they would like to work on. 

So the consortium was formed by some key members, like Ferrous Systems, who have been very, very early adopters of Rust; Arm, who were obviously in the safety critical space; Woven by Toyota, who were really very interested in Rust going forward, and various other organizations. We spoke to all of them, and they were really excited to have this kind of space to come to the table to talk about these issues and find a common pathway forward.

JB: What are some of the long-term goals of the consortium?

BR: We want to close the gap. We want to make sure that we can provide a useful pathway for development, hopefully moving towards standards, hopefully moving towards common requirements, and hopefully ensuring that the projects and their maintainers are not overwhelmed by lots of individual companies or individuals out there trying to kind of do lots of things. Having a unified approach to this will hopefully also ease potential pressure in the long term on those maintainers upstream. 

We’re not going to be competing or trying to make SAE obsolete, for instance. What we’re trying to do is provide a much easier and more unified approach to what safety critical industry needs.

JB: How can people get involved with this? 

BR: Membership is by agreement with the consortium members. We don’t have really strict rules, you know, this is supposed to be a kind of Rainbow Coalition. So yes, obviously, companies that are looking to develop in the safety-critical space, but also, we’re bringing people to the table with legal backgrounds or other kinds of business function backgrounds. So we’re not trying to restrict membership too much. Because we want that diversity of voices around the table.

Potentially, there might come a point where there are too many people, and we’ll have to figure that out. But certainly in this initial stage, I think the hope is that lots of people will turn up and figure out, “Okay, I am interested in this, and I have the ability to contribute to it.” 

We’re not looking at this as something where there’s just going to be a briefing call once a month, and people turn up and listen, and then leave again. We’re very much hoping this is going to be a collaborative working process, so people that really want to contribute are going to be very much appreciated around the table. 

If anyone is interested in joining, we’re very happy for people to contact us at the Rust Foundation. My colleague, our head of technology, Joel Marcey, is leading this, and he has already had a phenomenally positive response since the release went out. I think we’ve got like 30 or 40 organizations already that have come and said, “Hey, this sounds cool. We’d like to get involved.” So yeah, the door is very much open and it’s going to be in the spirit of open source collaboration. So we would love to see people who want to come and have opinions and contribute in one way or another.

JB: Why should developers who are building these safety critical systems look at Rust versus other programming languages?

BR: Obviously, I am the executive director and CEO of the Rust Foundation, so it’s my job to push Rust, but I know I do not live in a world where I can say to people, “just stop using everything else and rewrite it in Rust, because Rust is the best.” That’s not the kind of foundation we want to be. We want to work with everyone. 

And we believe that different programming languages are right for different things. We also recognize that the world is not going to change overnight and that we have to operate with the existing landscape. A lot of that existing landscape is written in C++, for instance, and whilst that has been a very solid and much loved language for many years, it does have some vulnerability issues. It’s not a memory safe language, whereas Rust is, so it kind of stopped some of those security vulnerabilities that you’ll see in other languages. So that’s one reason that people are becoming attracted to Rust. 

I think the other side of it is it’s very fast, it’s a very performant language. It doesn’t have a garbage collector, so there’s not that delay that you get with some garbage collector languages.

And I think with Rust, there’s an opportunity for interoperability as well. Another initiative that we have going at the moment, which we’re just at the beginning at, is an interop initiative with C++ and Rust. So, you know, acknowledging that no one is going out to rewrite all of their C++ code. We’re going to have C++ code around for way longer than I’m going to be alive. But, we can use some Rust to make some of that safer, with wrappers and various other tools to make code safer. 

Because, you know, while it’s easy to talk at this level about how safety is important, security is important, we’re not doing it to bug developers or get them to learn another language. We’re ultimately doing all of this because the normal person on the street doesn’t want their bank hacked. They don’t want their car to go haywire when they do 70 down the motorway. So you know, keeping that in mind where we’re pushing Rust, because we believe in some cases, it’s the best tool for the job, in terms of safety and security.


You may also like…

Q&A: Evaluating the ROI of AI implementation

Q&A: Why over half of developers are experiencing burnout



Source link