It doesn’t. It’s one of the most annoying aspects of Rust that “Written in Rust” is considered an attractive quality.
But, whatever. There’s no reason to be gratuitously negative. I’m just a bit salty that lesser known languages are often excluded on the basis that they’re lesser known.
You shouldn't, and I write Rust all the time. Don't implicitly trust it because it's written in Rust. There could still be errors, there could be uses of unsafe, etc.
I just said more than C, not an absolute trust level or trust just because it's Rust. I do know Rust very well myself.
It does have some gotchas for those who think it means instant safety.
For example the interface between safe and unsafe. If you change an established constraint that safe Rust depends on inside an unsafe block then all safe code has to be aware of this change and take it into account. In a way anything could be undefined behavior if you don't.
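The safe/unsafe boundary described in the comment above, as an added example that is not part of the original thread: a type whose `unsafe` read is only sound while an invariant maintained by ordinary safe methods holds. `FixedBuf` and its methods are hypothetical names chosen for illustration.

```rust
// Added illustration; `FixedBuf` and its methods are hypothetical names.
pub struct FixedBuf {
    data: [u8; 8],
    len: usize, // INVARIANT relied on by `unsafe` below: len <= data.len()
}

impl FixedBuf {
    pub fn new() -> Self {
        FixedBuf { data: [0; 8], len: 0 }
    }

    /// Safe code that upholds the invariant: refuses to grow past capacity.
    pub fn push(&mut self, b: u8) -> Result<(), u8> {
        if self.len == self.data.len() {
            return Err(b);
        }
        self.data[self.len] = b;
        self.len += 1;
        Ok(())
    }

    /// Sound only while `len <= data.len()` holds everywhere in this module.
    pub fn last(&self) -> Option<u8> {
        if self.len == 0 {
            return None;
        }
        // SAFETY: 0 < len <= data.len(), so len - 1 is in bounds.
        Some(unsafe { *self.data.get_unchecked(self.len - 1) })
    }

    /// Contains no `unsafe`, yet it is part of the unsafe contract. Without
    /// the bounds check (`self.len = new_len;` alone) this would still compile
    /// as safe code and make `last` read out of bounds.
    pub fn set_len(&mut self, new_len: usize) -> Result<(), usize> {
        if new_len > self.data.len() {
            return Err(new_len);
        }
        self.len = new_len;
        Ok(())
    }
}

fn main() {
    let mut buf = FixedBuf::new();
    buf.push(7).unwrap();
    assert_eq!(buf.set_len(1000), Err(1000)); // invariant-breaking change rejected
    assert_eq!(buf.last(), Some(7));
}
```

Because `len` is private, the audit surface for the one `unsafe` block is every function in the module that can write `len`, not just the block itself.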
I’d trust Tarsnap with my life, and it’s written in C. You have to evaluate the merits of an individual project, not blindly put your faith in their security claims.
In general, when you write C, there are a multitude of ways to introduce memory-related vulnerabilities if you don't know what you're doing, and historically and empirically speaking, even if you do (Heartbleed comes to mind, but I'm sure 5 minutes of research would turn up hundreds of examples).
Safe Rust prevents you from double freeing, dereferencing null, leaking memory, and a whole bunch of memory-related bugs/potential vulnerabilities.
Now, programmers are human. We make mistakes. Why, a priori, should anyone trust the programmers of one particular project to be superhuman and never screw up? That seems much more like blind faith to me than trusting a language which has been specifically designed to eliminate these kinds of errors.
I do trust Tarsnap, but if Colin wrote Tarsnap in safe Rust, I'd trust it even more.
Similarly, I can trust a library or program is less likely to exhibit crashes and memory issues if it's written in Rust, and that allows the developers to be less renowned security experts while still producing usable code.
Your argument that C programs can be trusted to be memory safe and contain minimal bugs IFF they're written by experts doesn't prove the point that languages are meaningless for gaining trust.
I trust a combination of credibility and tools. If someone tells me they ran a fuzzer over their HTTP server, I'll trust it more than if they say they didn't. That's not credibility, that's tools.
Both credibility and tools have their place. This isn't some black and white issue like you're portraying it.
> Also, Tarsnap has had a long-standing bug bounty program, which is another reason to trust it.
This is not necessarily a reason to trust Tarsnap. It is just a (rather weak) indication of the security-oriented process and nothing more. Probably you would want to say security track records (inferred from the bug bounty program), which would be a good reason to trust it.