The "bad/good" attribute is not helpful, but if we replace that with "people who obsess about memory safety or not" then the conclusion holds.
The security problems of C and C++ programs are caused by the fact that it takes effort to write safe code in those languages and most programmers/companies can live just fine with the safety they can reach with less effort. Bugs are opened, the code is patched and the world goes on.
And because those people don't obsess over memory safety, they won't switch to Rust either, unless something else happens to force them to. E.g: great job opportunities, official toolchain in Rust, etc.
Maybe C and C++ are due to be replaced, but hopefully not by Rust, because at least back in 78 they could create a language that's at least moderately fun to use.
> The "bad/good" attribute is not helpful, but if we replace that with "people who obsess about memory safety or not" then the conclusion holds.
"People who obsess over memory safety" are in fact not writing in C and C++ these days.
> The security problems of C and C++ programs are caused by the fact that it takes effort to write safe code in those languages and most programmers/companies can live just fine with the safety they can reach with less effort.
No, this is not true, unless you define "effort" as "10x normal development costs and time", which does not make economic sense for mainstream software.
Precisely, they are not. So then why do you expect C and C++ developers to switch to Rust if most of them don't consider memory safety that critical? Selling Rust to C and C++ programmers is like selling bicycles to Eskimos.
Regarding your second point: Firefox has vulnerabilities patched in almost every version (although the last one was a certificate screw-up). Are people abandoning Firefox because of that? Are you having trouble attracting talent, because it's written in C++? Are people switching to Chrome en masse because it has better security?
Even a project with middling memory safety like Firefox is able to survive just fine in a space where security's aaalways argued about. It's perversely lost market share because of Google's marketing and its poor performance. So one doesn't need to invest 10x development costs and time, probably not even 2x.
The security problems of C and C++ programs are caused by the fact that it takes effort to write safe code in those languages and most programmers/companies can live just fine with the safety they can reach with less effort. Bugs are opened, the code is patched and the world goes on.
And because those people don't obsess over memory safety, they won't switch to Rust either, unless something else happens to force them to. E.g: great job opportunities, official toolchain in Rust, etc.
Maybe C and C++ are due to be replaced, but hopefully not by Rust, because at least back in 78 they could create a language that's at least moderately fun to use.