Forcing Rust: How Big Tech Lobbied the Government Into a Language Mandate


Ognian Milanov

Memory safety is a real problem. Roughly 70% of CVEs in Chrome and Microsoft products trace back to memory safety bugs — use-after-free, buffer overflows, dangling pointers. The data is compelling and nobody serious disputes it.

What is disputable is who’s driving the solution — and who benefits from it. Since 2022, the US government has issued a cascade of reports urging adoption of “memory-safe languages,” with Rust as the clear favorite. These reports are routinely treated as independent security guidance. But trace the money, the data, and the organizational ties, and a different picture emerges: the companies that invested earliest and heaviest in Rust are the same ones whose data, executives, and funding shaped the policy that now pressures an entire industry to follow them.

The Rust Foundation: Follow the Platinum

The Rust Foundation was launched in February 2021 with five founding Platinum members: Google, Microsoft, Amazon Web Services, Huawei, and Mozilla. Each committed to a two-year, million-dollar budget. Meta joined at the Platinum level shortly after, followed by JFrog. By 2022, the foundation had 39 member companies, and the Platinum roster read like a who’s-who of companies that would later benefit most from government Rust mandates.

This isn’t unusual — corporate foundations supporting open-source languages are common. What’s unusual is how directly these same companies’ data and advocacy fed into government policy within a year of the Foundation’s creation. As IDC analyst Arnal Dayaratna told TechTarget: “Both of these decisions are illustrative of a desire to steer the evolution of each respective language.” Constellation Research analyst Holger Mueller was blunter: “Tech vendors seem to have found a heart recently to fund foundations, mostly because they need the standards to interoperate to protect investments.”

Google: Manufacturing the Evidence Base

Google’s role in the Rust-to-government pipeline is the most direct. Starting around 2019, Google began shifting new Android development to memory-safe languages. In December 2022, Google engineer Jeff Vander Stoep published data showing that memory safety vulnerabilities in Android had dropped from 223 in 2019 to 85 in 2022, and attributed the decline to moving new code into memory-safe languages: Kotlin and Java for most of the platform, Rust for the native code that used to be written in C and C++.

This data became the case study cited by every subsequent government report. CISA’s December 2023 guidance, “The Case for Memory Safe Roadmaps,” referenced it. The White House ONCD’s February 2024 report, “Back to the Building Blocks,” referenced it. The June 2025 CISA/NSA joint report cited Google’s Android data as the primary industry evidence for memory-safe language effectiveness. By November 2025, Google was claiming, by its own accounting of Android, a “1000x reduction in memory safety vulnerability density” in Rust code compared to C/C++.

Google didn’t just supply the data — it funded the ecosystem that made Rust viable. In February 2024, Google announced a $1 million grant to the Rust Foundation specifically to improve Rust-C++ interoperability through tools like Crubit. Google VP Dave Kleidermacher stated the investment aimed to “expand the adoption of Rust across various components of the platform.” Google also began integrating Rust into Chromium in 2023, affecting not just Chrome but every Chromium-based browser — Edge, Opera, Brave, and dozens more.

The pattern: Google produces data showing Rust works → government cites Google’s data in policy documents → policy pressures industry to adopt Rust → Google’s existing Rust investment becomes a competitive advantage.

Microsoft: From a Tweet to National Policy

Microsoft’s Rust advocacy began in 2019 when the Microsoft Security Response Center revealed that 70% of their CVEs over the past 12 years were memory safety issues. That statistic became the single most-cited data point in the memory safety debate.

In September 2022, Azure CTO Mark Russinovich posted on Twitter: “It’s time to halt starting any new projects in C/C++ and use Rust for those scenarios where a non-GC language is required. For the sake of security and reliability, the industry should declare those languages as deprecated.” He framed it as a personal opinion, not Microsoft policy. But within months, Microsoft had begun rewriting parts of the Windows kernel in Rust, and Russinovich’s “personal opinion” had effectively become corporate direction.

At RustConf 2025, Russinovich delivered a keynote titled “From Blue Screens to Orange Crabs: Microsoft’s Rusty Revolution,” describing how Rust code was already running in the Windows kernel (win32kbase_rs.sys). In December 2025, Microsoft Distinguished Engineer Galen Hunt posted a LinkedIn job listing stating: “My goal is to eliminate every line of C and C++ from Microsoft by 2030.” Though Hunt later clarified this was a research project, not a Windows strategy, the ambition was clear.

Microsoft’s 70% statistic and Google’s Android data form the two pillars of the government’s case. Both companies are Platinum Rust Foundation members. Both stand to benefit from the policy they helped justify.

Amazon: Cloud Leverage

Amazon’s position is perhaps the most structurally significant. AWS is the US government’s dominant cloud provider, holding a $10 billion NSA contract, part of the $9 billion JWCC Pentagon contract, and a fresh $1 billion GSA OneGov agreement signed in 2025. When the government’s largest cloud vendor is also a founding Platinum Rust Foundation member, the line between vendor preference and policy influence becomes very thin.

AWS has built critical infrastructure in Rust. Firecracker, the microVM technology powering AWS Lambda and Fargate, is written in Rust. Bottlerocket, Amazon’s container-optimized Linux distribution, is largely written in Rust, including its build tooling. The EC2 team has adopted Rust as its preferred language for new AWS Nitro System components.

Amazon also funds the broader Rust ecosystem through ISRG’s Prossimo project. In 2024, AWS committed $1 million to Prossimo to fund memory-safe rewrites of critical internet infrastructure: an AV1 decoder (rav1d), sudo/su (sudo-rs), the Rustls TLS library, and NTP (ntpd-rs). AWS Head of Open Source Strategy David Nalley called it “furthering ISRG’s mission to build a more memory safe internet.”

The incentive structure is straightforward: AWS builds government cloud infrastructure in Rust → government mandates memory-safe languages → competitors face rewrite costs → AWS’s existing Rust investment becomes a moat.

DARPA TRACTOR: Taxpayer-Funded Rust Migration

The corporate lobbying didn’t stop at shaping policy documents. In July 2024, DARPA launched TRACTOR — Translating All C to Rust — a program to fund automated C-to-Rust conversion using LLMs. The program awarded contracts to seven academic teams at roughly $2 million each, for a total of approximately $14 million.

DARPA program manager Dan Wallach framed it as addressing the practical reality that “rewriting code is expensive and labor-intensive, and organizations with large legacy codebases simply cannot afford that in many cases.” But the framing itself is revealing. TRACTOR funds neither research into making C safer, nor Ada, nor hardware-based memory safety such as CHERI; DARPA did bankroll CHERI’s original development under its CRASH program from 2010 onward, but the current memory-safety push contains no deployment program for it on TRACTOR’s scale. It funds automated conversion to one specific language, the same one its biggest government contractors happen to have invested in.

One company already positioned to benefit: Immunant, which maintains C2Rust, a C-to-Rust translation tool originally developed with prior DARPA support. The University of Illinois team received a DARPA-issued TRACTOR award to build tools targeting “critical infrastructure domains, including aerospace, automotive, and defense.”

The Prossimo Pipeline

The connection between corporate funding and government policy runs through several intermediary organizations. ISRG, the nonprofit behind Let’s Encrypt, runs Prossimo, a project explicitly dedicated to “moving critical software to memory safe code,” which in practice means rewriting things in Rust. Prossimo pays the primary maintainer of Rust for Linux, Miguel Ojeda, and has funded his full-time work since April 2021.

Prossimo’s funding comes substantially from corporate sources. AWS provided $1 million. The OpenSSF Alpha-Omega project provided $530,000 for Rustls and Rust for Linux work. Alpha-Omega itself is funded by Microsoft, Google, and Amazon. So the three largest Rust Foundation sponsors fund Alpha-Omega, which funds Prossimo, which pays the developer maintaining Rust in the Linux kernel; that kernel work then becomes evidence that Rust is production-ready for kernel use, which government reports cite when recommending Rust adoption.

The money flows in a circle, and at each stop it generates “independent” evidence that Rust is the answer.

The CISA Secure by Design Pledge

CISA’s “Secure by Design” pledge operationalizes the pressure. The voluntary pledge asks software manufacturers to demonstrate measurable progress on seven goals within a year of signing; one of them, reducing entire classes of vulnerability, lists a published memory safety roadmap among the ways to show it. As of late 2025, nearly 300 organizations had signed, including GitHub, Google, and other major players.

The progress reports are illuminating. Companies cite their Rust adoption as compliance evidence. Cloudflare’s statement references “open sourcing our proxy built in memory safe Rust.” Beyond Identity titled its report “Getting Rusty: Beyond Identity’s Journey to Memory Safety.” The pledge is nominally language-agnostic, but in practice “memory safety roadmap” has become a synonym for “Rust adoption plan.”

In its Product Security Bad Practices guidance, CISA names January 1, 2026 as the date by which products written in memory-unsafe languages should have a published memory safety roadmap. The guidance is voluntary, but CISA warns that failing to act “significantly elevates risk to national security, national economic security, and national public health and safety.” For government contractors, voluntary guidance from CISA has a way of becoming mandatory through procurement requirements.

What the Feedback Loop Leaves Out

The corporate-government Rust feedback loop systematically marginalizes alternatives.

Ada, the language the DoD itself once mandated for safety-critical systems, appeared on the NSA’s memory-safe language list only in the April 2023 revision, not in the original November 2022 publication: an apparent afterthought. Ada, with its ISO standardization, multiple compiler implementations, formally verifiable SPARK subset, and decades of deployment in aviation (DO-178C) and defense, should be the default recommendation for the very systems the policy targets. But Google, Microsoft, and Amazon have no Ada investment, no Ada ecosystem presence, and no Ada hiring pipeline. Ada doesn’t benefit the companies driving the conversation.

C++ modernization approaches, meaning sanitizers, static analysis, formal verification, and the Safe C++ proposal (P3390), are dismissed rather than evaluated. Google’s own C++ Style Guide implicitly acknowledges that modern C++ with proper tooling can be made substantially safer. But “invest in tooling” doesn’t create the same vendor advantage as “switch to the language we already use.”

Hardware-based solutions like CHERI (Capability Hardware Enhanced RISC Instructions) and Arm’s Memory Tagging Extension (MTE) get brief mentions in government reports but no comparable policy push or DARPA-scale funding directed at their adoption. These technologies protect existing C/C++ code with a recompile and targeted fixes rather than a rewrite (CHERI needs capability-aware hardware and some porting of code that hides integers in pointers; MTE’s four-bit tags make its protection probabilistic rather than absolute), which is precisely why they’re less interesting to companies selling Rust migration services.

The Standardization Trap

The governance risk compounds the influence problem. C++ is specified by an ISO standard with multiple competing compilers (GCC, Clang, MSVC). Ada is similarly ISO-standardized with multiple implementations. Rust has one production compiler, rustc (the GCC front end, gccrs, is still incomplete), a specification that is still being written (the Ferrocene Language Specification was adopted in 2024 as its starting point), and a split governance: the Rust Project’s teams and Leadership Council decide what the language is, while the Rust Foundation holds the trademark, the infrastructure, and the money, with a board seat for each Platinum corporate member.

The Rust Foundation’s board includes seats for its corporate sponsors alongside community representatives. As TechInformed reported, Foundation CEO Rebecca Rumbul claimed community members get veto power over corporate decisions. But the financial dependency is real: the Foundation’s operations depend on Platinum member dues. When Google, Microsoft, and Amazon collectively fund the foundation, the language’s governance, and the ecosystem infrastructure, they wield structural influence even without explicit control.

The Rust for Linux project’s internal turmoil — with key maintainer Wedson Almeida Filho quitting over “non-technical nonsense” — and chronic maintainer burnout illustrate what happens when a language’s community infrastructure can’t match the expectations being placed on it by corporate and government pressure.

The Pattern

This isn’t a conspiracy. It’s something more mundane and more durable: structural incentive alignment.

Google, Microsoft, and Amazon made early, large investments in Rust. Those investments produced data showing Rust reduced vulnerabilities in their products. That data was cited by government agencies building the case for memory-safe language adoption. The resulting policy pressure benefits the companies that invested early while imposing transition costs on competitors. Government funding (DARPA TRACTOR) and nonprofit intermediaries (Prossimo, OpenSSF) further accelerate Rust specifically, funded by the same companies that benefit from adoption. The cycle reinforces itself.

A genuinely security-motivated policy would look different. It would establish formal criteria for memory safety rather than maintaining a curated list. It would equally weight Ada, which already meets every stated requirement. It would evaluate tooling-based approaches against language-transition approaches on cost-effectiveness. It would treat Rust’s unsafe escape hatch with the same scrutiny applied to C/C++. And it would ensure the governance of any recommended language isn't dominated by a handful of corporations with financial interests in its adoption.
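The scrutiny of `unsafe` asked for above starts with a number: how many unsafe sites a codebase carries and whether that figure is falling. The scanner below is an added example written for this page, not the author’s code and not a tool from the Rust Foundation, Google, or any agency (for real audits, cargo-geiger does this job properly). It assumes a constructed sample, `SAMPLE`, and, as labelled in the comments, does not recognise raw string, byte string, or char literals.

```rust
// Added example for this page: count `unsafe` sites in Rust source so a memory
// safety roadmap can report them alongside the "memory-safe language" claim.
// Not code from the article, the Rust Foundation, Google or any agency.
// Assumptions (labelled): SAMPLE is a constructed snippet; raw strings (r"..."),
// byte strings and char literals are not recognised by the scanner.

#[derive(Debug, Default, PartialEq, Eq)]
pub struct UnsafeReport {
    pub lines: usize,
    pub blocks: usize,  // `unsafe { ... }`
    pub fns: usize,     // `unsafe fn`
    pub impls: usize,   // `unsafe impl`
    pub traits: usize,  // `unsafe trait`
    pub externs: usize, // `unsafe extern`
    pub other: usize,   // anything else, e.g. `unsafe(no_mangle)` attributes
}

impl UnsafeReport {
    pub fn total(&self) -> usize {
        self.blocks + self.fns + self.impls + self.traits + self.externs + self.other
    }
    /// `unsafe` sites per thousand lines: the density figure a roadmap can track over time.
    pub fn per_kloc(&self) -> f64 {
        if self.lines == 0 { 0.0 } else { self.total() as f64 * 1000.0 / self.lines as f64 }
    }
}

/// Replace comments and string literals with a space so `unsafe` inside them is
/// not counted. Rust block comments nest, hence the depth counter.
fn strip_comments_and_strings(src: &str) -> String {
    let c: Vec<char> = src.chars().collect();
    let two = |j: usize, a: char, b: char| j + 1 < c.len() && c[j] == a && c[j + 1] == b;
    let mut out = String::with_capacity(src.len());
    let mut i = 0;
    while i < c.len() {
        if two(i, '/', '/') {
            while i < c.len() && c[i] != '\n' { i += 1; } // the newline itself is kept below
        } else if two(i, '/', '*') {
            let mut depth = 1;
            i += 2;
            while i < c.len() && depth > 0 {
                if two(i, '/', '*') { depth += 1; i += 2; }
                else if two(i, '*', '/') { depth -= 1; i += 2; }
                else { i += 1; }
            }
            out.push(' ');
        } else if c[i] == '"' {
            i += 1;
            while i < c.len() && c[i] != '"' {
                i += if c[i] == '\\' { 2 } else { 1 }; // skip escaped characters
            }
            i += 1;
            out.push(' ');
        } else {
            out.push(c[i]);
            i += 1;
        }
    }
    out
}

/// Split cleaned source into identifier tokens and single punctuation tokens.
fn tokens(code: &str) -> Vec<String> {
    let mut toks = Vec::new();
    let mut cur = String::new();
    for ch in code.chars() {
        if ch.is_alphanumeric() || ch == '_' {
            cur.push(ch);
        } else {
            if !cur.is_empty() { toks.push(std::mem::take(&mut cur)); }
            if !ch.is_whitespace() { toks.push(ch.to_string()); }
        }
    }
    if !cur.is_empty() { toks.push(cur); }
    toks
}

/// Classify every `unsafe` keyword by the token that follows it.
pub fn scan(src: &str) -> UnsafeReport {
    let toks = tokens(&strip_comments_and_strings(src));
    let mut r = UnsafeReport { lines: src.lines().count(), ..Default::default() };
    for (i, t) in toks.iter().enumerate() {
        if t.as_str() != "unsafe" { continue; }
        match toks.get(i + 1).map(String::as_str) {
            Some("{") => r.blocks += 1,
            Some("fn") => r.fns += 1,
            Some("impl") => r.impls += 1,
            Some("trait") => r.traits += 1,
            Some("extern") => r.externs += 1,
            _ => r.other += 1,
        }
    }
    r
}

// Constructed sample input (not a real crate): one block, one fn, one impl, one extern.
pub const SAMPLE: &str = r#"
// unsafe in a line comment must not count
/* block /* nested */ unsafe: still a comment */
const MSG: &str = "unsafe in a string does not count";

pub struct RawBuf { ptr: *const u8, len: usize }

impl RawBuf {
    /// Caller must guarantee `idx < len`: the unsafe block re-admits the
    /// out-of-bounds read class that safe indexing rules out.
    pub fn get(&self, idx: usize) -> Option<u8> {
        if idx < self.len { Some(unsafe { *self.ptr.add(idx) }) } else { None }
    }
}

unsafe impl Send for RawBuf {}
unsafe fn from_raw(ptr: *const u8, len: usize) -> RawBuf { RawBuf { ptr, len } }
unsafe extern "C" { fn strlen(s: *const u8) -> usize; }
"#;

fn main() {
    let r = scan(SAMPLE);
    println!("{} lines, {} unsafe sites, {:.1} per KLOC: {:?}", r.lines, r.total(), r.per_kloc(), r);
}
```

The count says where the C/C++ bug classes can reappear, not whether they have; pair it with `cargo miri test` and fuzzing over the unsafe blocks before a roadmap claims the code is memory safe.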

Instead, we have a policy that was shaped by corporate data, amplified by corporate advocacy, funded by corporate money, and structured to benefit the corporations that shaped it. The borrow checker is brilliant engineering. But what’s being forced onto the industry isn’t just a borrow checker — it’s an ecosystem, a hiring pipeline, a vendor dependency, and a governance structure, all wrapped in the language of national security.

The question isn’t whether memory safety matters. It does. The question is whether the right response is a government mandate that happens to align perfectly with the commercial interests of the companies that lobbied for it.
