You are viewing content from a past/completed QCon -

Presentation: The Most Secure Program Is One That Doesn’t Exist

Track: 21st Century Languages

Location: Pacific DEKJ

Duration: 1:40pm - 2:30pm

Day of week: Tuesday

Level: Intermediate

Persona: Backend Developer

This presentation is now available to view on

Watch video with transcript

What You’ll Learn

  1. Understand what safeties Rust offers and how it can save you from making common mistakes.

  2. Hear about case studies of libraries implemented in Rust and what was found.

  3. Learn examples of what Rust can and cannot do


Rust is a programming language that started with the explicit goal of preventing segfaults and guaranteeing thread safety to create a fearlessly concurrent systems language. The compiler enforces type- and memory- safety to achieve this. There’s a significant overlap between critical security bugs and memory vulnerabilities, so code written in Rust is more secure. But that’s only half the story. Can a language mitigate side-channel attacks? How can we integrate formal methods to prove implementation correctness? This talk will give an overview of how Rust’s design gives security guarantees and discuss goals and visions for the future.


QCon: What’s the focus of the work you do today?


Diane: I am the security and privacy lead on the mixed reality team. The focus of my work is building a browser that provides a secure, immersive web experience. I also work very closely with the Rust team. I lead the formal verification effort which is determining how we leverage the unique properties of Rust to allow people to use formal verification tools and techniques in their app code.

It's in the early stages but there are some aspects of Rust (namely that it is strongly influenced by functional programming languages) that I believe make it very promising. I also work with the unsafe code guidelines group.


QCon: What's the motivation for your talk?


Diane: I once implemented an unsafe trait that I never should have been implementing. It was caught in review, and that really was the inspiration for the talk.


QCon: What topics are you going to cover?


Diane: I’m going to start out by giving you overview of what guarantees Rust offers and what that actually means. What is memory safety? How do we do it? Then I’ll go into discussing a case study with specific code examples.

After talking about the guarantees results of this study, which is an example of taking a component of a very large C code base and swapping it out for a Rust component. That's the strength of Rust; as engineers, we want to build things modularly. We don't want to have to rewrite everything from scratch every time we decide that to go a new route with a language for whatever reason. Because of the zero-cost abstraction, the idea is you can call back and forth between languages like C without an amortized performance cost. It just looks like C. That’s very powerful tool for modernizing projects.

What I'm planning to do with this talk is help people understand what Rust does and doesn't do. Sometimes people think that Rust is memory safe and everything should be in Rust. Well, maybe not. For example, coming from a security background, all of our main cryptographic libraries are written in C and C++ with generally hand optimized assembly and when you are re-implementing normal code and you introduce a logic error, it will cause something to not work quite right. That's a problem. But if memory safety is not an issue then you generally don't have to worry about things like remote code execution.


QCon: Who is the target audience for your talk?


Diane: The target audience is anyone unfamiliar with the guarantees provided by Rust or people who are looking for a refresher. A lot of it is going to be geared towards people who are more familiar with systems programming.

Speaker: Diane Hosfelt

Research Engineer @mozilla

Diane Hosfelt is the security lead for the Mixed Reality team at Mozilla Research and works closely with the Rust Project to improve security with formal methods and unsafe code guidelines. In her free time, she enjoys the great indoors with her cats, Batman and Watson.

Find Diane Hosfelt at

Last Year's Tracks

  • Monday, 16 November

  • Clientside: From WASM to Browser Applications

    Dive into some of the technologies that can be leveraged to ultimately deliver a more impactful interaction between the user and client.

  • Languages of Infra

    More than just Infrastructure as a Service, today we have libraries, languages, and platforms that help us define our infra. Languages of Infra explore languages and libraries being used today to build modern cloud native architectures.

  • Mechanical Sympathy: The Software/Hardware Divide

    Understanding the Hardware Makes You a Better Developer

  • Paths to Production: Deployment Pipelines as a Competitive Advantage

    Deployment pipelines allow us to push to production at ever increasing volume. Paths to production looks at how some of software's most well known shops continuous deliver code.

  • Java, The Platform

    Mobile, Micro, Modular: The platform continues to evolve and change. Discover how the platform continues to drive us forward.

  • Security for Engineers

    How to build secure, yet usable, systems from the engineer's perspective.

  • Tuesday, 17 November

  • Modern Data Engineering

    The innovations necessary to build towards a fully automated decentralized data warehouse.

  • Machine Learning for the Software Engineer

    AI and machine learning are more approachable than ever. Discover how ML, deep learning, and other modern approaches are being used in practice by Software Engineers.

  • Inclusion & Diversity in Tech

    The road map to an inclusive and diverse tech organization. *Diversity & Inclusion defined as the inclusion of all individuals in an within tech, regardless of gender, religion, ethnicity, race, age, sexual orientation, and physical or mental fitness.

  • Architectures You've Always Wondered About

    How do they do it? In QCon's marquee Architectures track, we learn what it takes to operate at large scale from well-known names in our industry. You will take away hard-earned architectural lessons on scalability, reliability, throughput, and performance.

  • Architecting for Confidence: Building Resilient Systems

    Your system will fail. Build systems with the confidence to know when they do and you won’t.

  • Remotely Productive: Remote Teams & Software

    More and more companies are moving to remote work. How do you build, work on, and lead teams remotely?

  • Wednesday, 18 November

  • Operating Microservices

    Building and operating distributed systems is hard, and microservices are no different. Learn strategies for not just building a service but operating them at scale.

  • Distributed Systems for Developers

    Computer science in practice. An applied track that fuses together the human side of computer science with the technical choices that are made along the way

  • The Future of APIs

    Web-based API continue to evolve. The track provides the what, how, and why of future APIs, including GraphQL, Backend for Frontend, gRPC, & ReST

  • Resurgence of Functional Programming

    What was once a paradigm shift in how we thought of programming languages is now main stream in nearly all modern languages. Hear how software shops are infusing concepts like pure functions and immutablity into their architectures and design choices.

  • Social Responsibility: Implications of Building Modern Software

    Software has an ever increasing impact on individuals and society. Understanding these implications helps build software that works for all users

  • Non-Technical Skills for Technical Folks

    To be an effective engineer, requires more than great coding skills. Learn the subtle arts of the tech lead, including empathy, communication, and organization.