The Rise of Memory-Safe Languages in Secure Development

Amazon's Mark Ryland on Rust and the Importance of Improving Open-Source Security
Mark Ryland, director of Amazon Security, Amazon

Secure development and memory-safe languages are becoming increasingly critical for addressing long-standing security issues such as buffer overruns and remote code execution vulnerabilities. Mark Ryland, director of Amazon Security, Amazon, emphasized the shift toward using Rust, a high-performance language designed to eliminate such bugs.

See Also: New OnDemand | Securing the Supply Chain and Shifting Left with AI-Powered SCA

Higher-level languages such as Java and Python are now memory -safe, but for many years, high-performance system-level code was written in C or C++, which notoriously lacked memory safety, Ryland said.

"Rust has the unique capability to both provide super high-performance, low-level capabilities similar to C, but the compiler and the language itself enforces certain conventions that if the programmer follows those conventions, that eliminates a whole class of bugs," he said.

In this video interview with Information Security Media Group at RSA Conference 2024, Ryland also discussed:

  • How integrating the Rust programming language into AWS services can enhance security;
  • Practical issues and processes involved in enforcing multifactor authentication;
  • How AWS uses AI to assist with secure software development.

Ryland works with public policy and public sector regulators and customers to help them understand how AWS builds and operates its highly secure cloud offerings and how they can best leverage AWS cloud to enhance their own cybersecurity. He has more than 32 years of experience in the technology industry across a wide range of leadership roles in information security, software engineering, distributed systems, technical standardization and public policy.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.