We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust’s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.

(Emphasis in original.)

Of course, we should probably take the numbers with a grain of salt here; it’s not a controlled scientific experiment, and the estimated vulnerability density for Rust in particular was calculated with a numerator of 1, so it could be way off.

Still, I think it’s a good reminder that advocacy for using Rust over C and C++ isn’t purely out of some irrational fanboy-ism for the language. The numbers here would have to be extremely off for there not to be a major effect.

Further down in the article:

This near-miss inevitably raises the question: “If Rust can have memory safety vulnerabilities, then what’s the point?”

The point is that the density is drastically lower. So much lower that it represents a major shift in security posture. Based on our near-miss, we can make a conservative estimate. With roughly 5 million lines of Rust in the Android platform and one potential memory safety vulnerability found (and fixed pre-release), our estimated vulnerability density for Rust is 0.2 vuln per 1 million lines (MLOC).

Our historical data for C and C++ shows a density of closer to 1,000 memory safety vulnerabilities per MLOC. Our Rust code is currently tracking at a density orders of magnitude lower: a more than 1000x reduction.