This is a short refresher post, providing some food for thought and expanding a little on the two recent consecutive blog posts by the Microsoft Security Response Center, which describe why Rustlang is the way to go as a modern systems language with compile-time safety guarantees.
Ears pricked up?
C/C++ are inherently unsafe languages, no matter how many static analyzers or sanitizers you use. In particular, C/C++ are impossible to get right: even if one can claim to write safe C/C++ code, when it comes to interfacing with other programs, one cannot guarantee anything.
John Regehr, in a series of blog posts (also presented at CppCon 2017), extensively describes some of the undefined-behavior pitfalls in the C abstract machine and how the C/C++ guidelines do not help programmers form a concrete and useful mental model when writing C/C++ code. Moreover, Chris Lattner continues in the same vein with What Every C Programmer Should Know About Undefined Behavior.
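As an added example (not code from this post or from the articles it cites), here is a small Rust parser for a constructed length-prefixed record format. It shows how the two classic pitfalls in the C abstract machine, integer overflow in a bounds check and a read past the end of a buffer, become explicit `Option` results in safe Rust instead of undefined behavior. The record layout (2-byte big-endian length, then payload) is an assumption made for the example.

```rust
/// Assumed layout for this example: a 2-byte big-endian length followed by
/// `len` payload bytes, starting at `offset` in `buf`.
///
/// In C, a check such as `if (off + len > buf_len)` relies on `off + len`
/// not overflowing: signed overflow is undefined behaviour (the compiler may
/// delete the check), and unsigned wrap silently passes it. Here every
/// arithmetic step is checked and every slice is bounds-checked.
fn read_record(buf: &[u8], offset: usize) -> Option<&[u8]> {
    // `get` returns None instead of reading past the buffer; `checked_add`
    // returns None instead of wrapping.
    let hdr = buf.get(offset..offset.checked_add(2)?)?;
    let len = u16::from_be_bytes([hdr[0], hdr[1]]) as usize;
    let start = offset.checked_add(2)?;
    let end = start.checked_add(len)?;
    buf.get(start..end)
}

/// Walk all records in `buf`, stopping cleanly at the first malformed or
/// truncated one.
fn parse_all(buf: &[u8]) -> Vec<&[u8]> {
    let mut out = Vec::new();
    let mut offset = 0;
    while let Some(rec) = read_record(buf, offset) {
        out.push(rec);
        // Cannot overflow: `rec` lies inside `buf`, so the new offset is at
        // most `buf.len()`.
        offset += 2 + rec.len();
    }
    out
}

fn main() {
    // Constructed input: two well-formed records ("abc" and "z") followed by
    // a truncated record claiming 0xFFFF bytes of payload.
    let buf = [0x00, 0x03, b'a', b'b', b'c', 0x00, 0x01, b'z', 0xFF, 0xFF, b'!'];
    let recs = parse_all(&buf);
    println!("parsed {} records; truncated tail ignored", recs.len());
    // An offset near usize::MAX would overflow the C-style check; here it is
    // simply rejected.
    assert!(read_record(&buf, usize::MAX).is_none());
}
```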
I should note that the complete semantics of the Rust abstract machine have not been fully defined yet and are under heavy research (the RustBelt paper) and discussion, with the final goal of formally proving the safety guarantees of the Rust abstract machine. For more details, have a look at the Rust unsafe-code-guidelines.