Herbie Bradley, formerly of the Knight Foundation, has been spearheading the effort on The Great Refactor. He wants to convert 100 million lines of code in critical open-source software libraries to the Rust programming language by 2030. This innovative project was one of 12 launched nationwide in 2024. It’s designed to improve software security and performance by pairing state-of-the-art generative AI tools with evergreen code analysis techniques. The U.S. government intends to seed this effort by establishing one through a proposed new “Focused Research Organization.” Lastly and most impressively, they are aiming for a $100 million estimated investment.
That urgency behind The Great Refactor is highlighted by a dramatic surge in cyberattacks. Memory-unsafe languages, such as C and C++, continue to be widely used even today. Yet, they account for approximately 70 percent of software vulnerabilities. The initiative is moving implementation to Rust to improve performance, bringing it on par with C and C++ capabilities. This change is intended to improve memory safety and defend against over 500 cyberattacks, saving over $2 billion in avoided loss.
Leveraging AI for Code Conversion
The Great Refactor’s approach can only be successful if AI coding tools live up to the hype. Recent innovations have shown that these tools can successfully transcribe programs of less than 1,000 lines of code with high accuracy. They can accomplish this with extremely limited adult guidance! With ample sun and transparency, they can even take a stab at programs with up to 5,000 lines.
Bradley agrees, emphasizing the need for new and careful oversight during the conversion process.
“Possibly you’d want to take a little more care in the conversion and maybe use AI to help you, but very carefully,” – Herbie Bradley
This skeptical perspective is indicative of a larger worry that comes from using AI to write full-fledged code for you. The success of The Great Refactor will depend on ensuring that the converted code meets high standards of correctness and performance.
Despite the promise of AI, there is still a huge challenge in purposefully evolving and tracking the resulting Rust code. Jessica Ji, advocacy director for smart software development, cautions against complacency.
“Assuming everything goes well with the AI translation, the resulting Rust code will need to be maintained and monitored somehow,” – Jessica Ji
Additionally, she points to the difference in expertise between Rust and older languages like C and C++.
“There are a lot fewer Rust experts out there than C/C++ experts, so the number of expert eyes on the codebase(s) will likely be fewer,” – Jessica Ji
Challenges Ahead
AI tools provide exciting new ways to convert code, professionals say that relying too much on automation can be dangerous. Josh Triplett cautioned that AI-translated code could introduce complexities further down the road.
“If you do AI-translated code, you are likely to end up with code that is difficult for a human to maintain compared to what was manually translated,” – Josh Triplett
Dan Wallach discusses the importance of blending classical software analysis techniques with new AI-driven methods. This new field integration includes a major layer of complexity to the mix.
“AI seems promising, but also we have decades of research into writing software to analyze other software,” – Dan Wallach
Wallach points out that the project is all about experimenting with new methodologies. Its mission is to combine the rigor of traditional computer science to cutting-edge AI approaches.
“The whole point of TRACTOR is to explore all the different ways you might mix and match, for lack of a better term, classical computer science with modern AI,” – Dan Wallach
The Road Ahead
The Great Refactor project is about much more than checking code off the list. It represents a landmark step forward in the way we are committing to address software security with the growing state of dangerous cyber threats. As a co-founder, Bradley spearheads a dedicated team of under 50 security engineers, AI researchers, and technologists. He thinks that can result in some substantial wins in three to five years.
As Rust becomes increasingly popular with developers, its relatively small user base presents an awkward barrier to wider adoption. The endeavor aims to fill this gap by creating a new codebase with extensive, maintainable code that features memory safety as its key priority.
The Great Refactor can have an even greater positive effect beyond just cybersecurity. It has the potential to radically transform the world of open-source software development too. This new initiative directly addresses vulnerabilities inherent to older programming languages. In turn, it lays the groundwork for more secure and consistent implementations across industries.