
> Even in supposedly "memory safe" languages like Java, XML (and json) parsers are often riddled with bugs and design problems that can be exploited for remote execution

The huge benefit of having a strict compiler like Rust's is that it massively raises the quality floor for every single library in the ecosystem. This is especially true if a library doesn't use unsafe (which is true of many Rust libraries including the most popular XML library https://lib.rs/crates/quick-xml).

> bad programmers will go write poorly designed rust code that's as unsafe (if not more so) as any C code, except now they won't be careful because "the language is safe".

The whole point of the language being safe is that you can't write code as bad as C code (e.g. containing RCE vulnerabilities) without going massively out of your way by using an `unsafe` block or doing something obviously stupid like passing an unsanitised string to `exec`. It won't compile. I would absolutely trust carelessly coded safe Rust code over carefully coded C (unless that carefulness is taken to the extreme as in MISRA-C or similar).
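An added illustration of the safe-Rust behaviour discussed in the comment above (not part of the original thread): a length-prefixed record parser with no `unsafe`, where a hostile length byte produces a panic or `None` instead of an out-of-bounds read. The record format, function names and inputs are assumptions constructed for this example.

```rust
use std::panic;

/// Careless parser: trusts the 1-byte length prefix and slices directly.
/// The equivalent unchecked copy in C would read past the buffer; in safe
/// Rust the slice index is bounds-checked and panics instead.
fn parse_careless(buf: &[u8]) -> Vec<u8> {
    let len = buf[0] as usize;
    buf[1..1 + len].to_vec()
}

/// Checked parser for the same format: out-of-range input becomes an
/// ordinary `None` the caller has to handle, with no panic at all.
fn parse_checked(buf: &[u8]) -> Option<&[u8]> {
    let len = *buf.first()? as usize;
    buf.get(1..1 + len)
}

/// Runs the careless parser and reports whether it panicked.
/// A panic is still a denial of service for the calling thread,
/// but it is not memory corruption.
fn careless_panics(buf: &[u8]) -> bool {
    panic::catch_unwind(|| parse_careless(buf)).is_err()
}

fn main() {
    // Constructed inputs: a well-formed record and one whose length
    // prefix (200) claims far more payload than the buffer holds.
    let good = [3u8, b'x', b'm', b'l'];
    let hostile = [200u8, b'x'];

    println!("checked, good input:     {:?}", parse_checked(&good));
    println!("checked, hostile input:  {:?}", parse_checked(&hostile));
    println!("careless panics on hostile input: {}", careless_panics(&hostile));
}
```
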



