Microsoft engineer ‘clarifies’ LinkedIn post after it goes viral and causes outrage; and how in 2023 NSA made ‘similar recommendation’ for software companies
No, Microsoft is not rewriting Windows in Rust. The clarification comes after a LinkedIn post by a Microsoft Distinguished Engineer Galen Hunt went viral and led to an outrage in several circles. This made the company as well as the Microsoft engineer to issue a clarification. The original post from Hunt was a job posting which led to the speculation that Microsoft plans to eliminate all C and C++ code across its major codebases by 2030, replacing it with Rust using AI-assisted, large-scale refactoring.
What Microsoft engineer’s original original post said
I have an open position in my team for a IC5 Principal Software Engineer. The position is in-person in Redmond. My goal is to eliminate every line of C and C++ from Microsoft by 2030. Our strategy is to combine AI *and* Algorithms to rewrite Microsoft’s largest codebases. Our North Star is “1 engineer, 1 month, 1 million lines of code”. To accomplish this previously unimaginable task, we’ve built a powerful code processing infrastructure. Our algorithmic infrastructure creates a scalable graph over source code at scale. Our AI processing infrastructure then enables us to apply AI agents, guided by algorithms, to make code modifications at scale. The core of this infrastructure is already operating at scale on problems such as code understanding. The purpose of this Principal Software Engineer role is to help us evolve and augment our infrastructure to enable translating Microsoft’s largest C and C++ systems to Rust. A critical requirement for this role is experience building production quality systems-level code in Rust—preferably at least 3 years of experience writing systems-level code in Rust. Compiler, database, or OS implementation experience is highly desired. While compiler implementation experience is not required to apply, the willingness to acquire that experience in our team is required. Our team is driven by a growth mindset. We are diverse team with a wide range of skills and perspectives. We take on bold risks. We work and play well with others. We love to bring value to internal and external customers. We have learned that our diversity and growth mindset is critical to success in the rapidly changing word of AI-based tools. Our team is part of the Future of Scalable Software Engineering group in the EngHorizons organization in Microsoft CoreAI. Our mission is to build capabilities to allow Microsoft and our customers to eliminate technical debt at scale. We pioneer new tools and techniques with internal customers and partners, and then work with other product groups to deploy those capabilities at scale across Microsoft and across the industry.
What the update/clarification from Microsoft engineer says
After all the outrage that Hunt’s post led to, he issued a clarification with the title ‘Update’. The Update said: It appears my post generated far more attention than I intended… with a lot of speculative reading between the lines.Just to clarify… Windows is *NOT* being rewritten in Rust with AI. My team’s project is a research project. We are building tech to make migration from language to language possible. The intent of my post was to find like-minded engineers to join us on the next stage of this multi-year endeavor—not to set a new strategy for Windows 11+ or to imply that Rust is an endpoint.How Microsoft may not be alone in ditching C and C++As a report in InfoWorld says that the pressure to dump C and C++ languages in favor of memory-safe languages such as Rust comes right from the top, with research by Google and Microsoft showing that around 70 percent of all security vulnerabilities in software are caused by memory safety issues.
When NSA told software companies to use Rust language
Incidentally, in November 2023 America’s National Security Agency (NSA) joined Cybersecurity and Infrastructure Security Agency (CISA) and international partners in releasing ”The Case for Memory Safe Roadmaps” Cybersecurity Information Sheet (CSI). Expanding on the “Software Memory Safety” CSI published by NSA in April 2023, the report gave guidance for software manufacturers and technology providers to create roadmaps tailored to eliminate memory safety vulnerabilities from their products. In one of its suggestions, the report asked software manufacturers to create roadmaps for the utilization of, and transition to, memory safe programming languages. “This transition will enable memory safe programming languages to mitigate memory-related vulnerabilities and reduce the products’ attack surface. Recommended memory safe programming languages mentioned in the CSI include C#, Go, Java, Python, Rust, and Swift. Software manufacturers should evaluate multiple memory safe programming languages before integrating them into their workflows,” said the report.
