Microsoft is developing a new programming language that focuses on building applications that are immune to the most common security issues. Project Verona The new language is based on the growing popularity of Rust, which is being developed by Mozilla, the developer of the well-known Firefox browser. The project is called Verona and, according to the publication, its key difference from Rust is the use of an ownership model based on groups of objects, rather than single objects. It is expected that the source texts of the current developments within its framework will be open under the free Apache 2.0 license. The project repository has already appeared on the Github platform owned by Microsoft since 2018, but is still empty. As Zdnet points out, Microsoft may also be rewriting some low-level components of Windows 10 using modified Rust to eliminate potential issues with C and C++. How changing the language can improve security The C and C++ languages have been widely used for decades as a system software development tool and leave the programmer with the task of managing main memory, which inevitably leads to errors, such as accessing a memory location after it has been freed or, for example, buffer out of bounds. According to Matt Miller, a Microsoft security specialist, about 70% of all vulnerabilities found in the company's software products over the past 12 years are related to memory management errors.
Unlike C and C++, Rust (as apparently Verona) implements an automatic memory management mechanism based on the “ownership” principle, which saves the programmer from having to manually manipulate memory, thereby reducing the likelihood of errors. It is also worth noting that, for the sake of performance, Rust does not use the so-called garbage collector (Garbage Collector, GC), whose task is to automatically remove objects from memory that are no longer required by the program.