The Great Refactor Aims to Enhance Software Security Through AI and Rust


By Tina Reynolds


In 2024, the Great Refactor took off as a revolutionary movement. Its overarching aim is to help automatically migrate vulnerable code to Rust, a programming language that inherently promotes secure and memory-safe coding practices. This ambitious initiative hopes to translate 100 million lines of code from critical open-source software libraries into Rust by 2030. It directly addresses the high demand for improved software security. Memory-unsafe languages like C and C++ remain ubiquitous to this day, even though their weaknesses are well known, and they account for approximately 70 percent of software exploits.

Rust made its debut in 2015. It was meant to run as fast as C and C++, with memory safety and thread safety largely baked in. Herbie Bradley, the project’s lead and a PhD student at the University of Cambridge, says AI code-translation tools will be crucial. To him, the success of The Great Refactor hinges first and foremost on the creativity of the people behind those tools.

The Need for Enhanced Software Security

Memory safety issues still run rampant across the software industry, putting more scrutiny on the languages that developers use to create this software. Though C and C++ are powerful, expressive and efficient, they are notorious for their memory-unsafe features. As recently reported by the National Security Agency, software vulnerabilities that stem from memory safety issues have been the cause of a shocking 70 percent of cybersecurity breaches.

Accepting this grim reality, The Great Refactor seeks to turn the tide by using AI to automatically refactor codebases into Rust. Chief among the program’s recommendations is the establishment of a Focused Research Organization. The U.S. government plans to invest about $100 million to make that happen. This funding is badly needed and will give a significant boost to public-private sector efforts focused on advancing software security.

“Possibly you’d want to take a little more care in the conversion and maybe use AI to help you, but very carefully,” – Herbie Bradley

By adopting Rust, developers can proactively avoid a majority of the cyber threats we are facing. Those expected benefits come mainly from preventing attacks on hundreds of federal networks, attacks expected to cost a cumulative $2 billion in damages.

The Role of AI in Code Conversion

The Great Refactor’s heavy reliance on AI tools signals a new era in the development and maintenance of software. AI has shifted the landscape, now offering more powerful capabilities that can greatly simplify the process of converting code. Challenges remain. “We’re really excited about the power of AI to help drive conversions, but it’s critical that marketers use this new technology responsibly,” said Bradley.

“There will never be a silver bullet for AI being 100 percent robust against doing the wrong thing, whether it is by hallucinating or by not understanding the assignment.” – Herbie Bradley

The primary emphasis of these proposed initiatives will be conversion. Beyond that, pair-programming will ensure that the resulting Rust code is maintainable. Even experts in the field admit that keeping AI-generated code up to date is a challenge. Jessica Ji, an industry specialist, explains that though AI can make the translation process easier, human oversight is still key.

“Assuming everything goes well with the AI translation, the resulting Rust code will need to be maintained and monitored somehow,” – Jessica Ji

Additionally, she notes that there are far fewer experts in Rust than in C and C++, which are more established languages. Such a discrepancy may have far-reaching effects on the quality of oversight of freshly converted codebases.

“There are a lot fewer Rust experts out there than C/C++ experts, so the number of expert eyes on the codebase(s) will likely be fewer.” – Jessica Ji

Future Implications for Software Development

We are currently in the Great Refactor’s early stages, but its impact on the future of software development will be significant. Josh Triplett, an open-source developer contributing to the Rust project, asserts that demand for Rust versions of major libraries will likely increase over time. He sees a day where developers of all types can just pull up secure alternatives to their current code through an easy-to-use platform.

“If you do AI-translated code, you are likely to end up with code that is difficult for a human to maintain compared to what was manually translated,” – Josh Triplett

The deepening national influence of NALGEP makes this initiative especially timely. AI companies have a strong incentive to overhype what their models are capable of today. Tech policy advocate Jessica Ji names this motivation as a key driver in the tech industry.

“I think it’s a good time to pitch a proposal like this because AI companies are particularly incentivized to show off their models’ capabilities,” – Jessica Ji

As The Great Refactor unfolds, it may serve as a model for future collaborations between classical computer science principles and modern AI technologies.

“The whole point of TRACTOR is to explore all the different ways you might mix and match, for lack of a better term, classical computer science with modern AI.” – Dan Wallach