Incrementally securing your C++ using Rust

Systems software everywhere uses C and C++ to implement the most critical, vulnerable and low-level functionality. It’s a trusted model with proven tooling, developer experience, and industry success, but it has struggled for decades with security hazards caused by memory unsafety and undefined behavior. Today, AI models make it easier than ever to discover and exploit software vulnerabilities before they can be patched. Languages like Rust promise relief through guaranteed memory safety but cannot provide an instant replacement for all existing software.

This talk will discuss how C++ users can incrementally adopt memory-safety using Rust libraries, cross-language interop tooling, and a sprinkling of AI. Specifically, I’ll discuss Crubit, a Rust/C++ interop tool my team at Google is building, and how we're using it to harden our software, incrementally migrate to Rust, with the intention of building 100% of new software in memory-safe languages by 2030.