https://www.msuiche.com/categories/keynote/Recent content in Keynote on Matt SuicheHugoen-usThu, 10 Nov 2022 12:00:00 +0200https://www.msuiche.com/posts/poc-2022-korea-keynote/Thu, 10 Nov 2022 12:00:00 +0200https://www.msuiche.com/posts/poc-2022-korea-keynote/<p>POC is one of the top conference in Asia and has been running since 2006, and today I&rsquo;ve had the opportunity to give the opening keynote <a href="https://github.com/msuiche/slides/blob/main/2022-POC-Keynote.pdf" target="_blank" rel="noopener">(Slides)</a> for <a href="https://powerofcommunity.net" target="_blank" rel="noopener">POC 2022</a> conference in Seoul, Korea where I discussed our favorite memory safe language: Rust - thanks again to the organizers for the invitation.</p> <p>I chose to discuss Rust from a software engineering and application security point of view. The main points were:</p> <ul> <li>The current availability of high-performance memory safe languages like Rust, make it the best time in history of computer science to be (or become) a software engineer.</li> <li>Rust is a great language to learn if you are new to programming and are looking for pointers for your software engineering career. I always recommend to students who want to get into software engineering to start with Python to learn the basics of programming, and then to learn a more mature language such as Rust which can be used for production level coding.</li> <li>Rust is a great language if you are starting a new project from scratch, but if you are trying to migrate an existing code base written in C/C++ this may be more challenging to fully rewrite everything the larger your existing code base is.</li> <li>Rust allows you to focus on the logic of your code instead of wasting unnecessary time debugging (especially compared to C/C++), without sacrificing on performance.</li> <li>Memory safety bugs represent around <a href="https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2019_02_BlueHatIL/2019_01%20-%20BlueHatIL%20-%20Trends%2C%20challenge%2C%20and%20shifts%20in%20software%20vulnerability%20mitigation.pdf" target="_blank" rel="noopener">around 70% of security bugs (as reported by MSRC)</a>, so having the opportunity to have safe code that compiles and works is amazing.</li> <li>There are two main avenues to make applications more secure: <ul> <li>either you improve the compiler (which is the best solution for legacy code base that can&rsquo;t be rewritten for various reasons)</li> <li>or you actually use a safer language (a memory safe language - which is the best solution for new code base)</li> </ul> </li> <li>Although Microsoft has been doing a great job at promoting Rust, the lack of official WDK for kernel programming is problematic and we will probably see a lot of people writing Windows Rust user-mode applications just like they would write C/C++ user-mode applications due to lack of resources (There is definitely room for improvement that could be done on that side).</li> </ul> <p><a href="https://github.com/msuiche/slides/blob/main/2022-POC-Keynote.pdf" target="_blank" rel="noopener">You can find the slides here. (Slides)</a></p>