What happened
Google says its move to Rust in the Android ecosystem has pushed memory safety bugs to under twenty percent of all Android vulnerabilities for the first time. Rust code shows about a thousand-fold drop in memory safety issues compared with C and C++.
Who is affected
Android users benefit from fewer high-risk flaws. Developers and OS engineers who work with Android, firmware, or first-party apps are now shifting to Rust. Security leaders who oversee mobile fleets, device supply chains, or embedded systems also feel the impact.
Why CISOs should care
Memory safety bugs drive many of the most serious mobile and firmware attacks. Google’s results show that language choice has a direct effect on vulnerability exposure. If your organisation relies on C or C++ in core systems, you may face a higher baseline risk than vendors that adopt memory-safe languages. This also changes how you measure supply chain security and evaluate software quality.
3 practical actions
- Review your software and device stack and note where C and C++ remain in critical paths. Treat these components as higher risk.
- Update vendor security checks to include questions about language use and memory safety practices.
- Encourage engineering leads to explore Rust or other memory-safe languages for high-impact modules.