Brussels / 1 & 2 February 2025


Incremental Memory Safety in an Established Software Stack: Lessons Learned from Swift
In recent years, it has been repeatedly shown that memory safety problems account for the vast majority of security vulnerabilities in software systems. In response, security researchers and government agencies alike have urged software developers to replace their use of C and C++ with memory-safe programming languages. Fortunately, there are several native programming languages to choose from, but there is a catch: you must rewrite your code to get these memory-safety benefits. In today's established software systems, that could mean rewriting hundreds of millions of lines of existing C and C++ code, which is beyond impractical.

To move memory safety forward in an established software system, we propose an incremental approach consisting of three parts. First, the use of a memory-safe language (in our case, Swift) for new code or for targeted rewrites. Second, memory-safety improvements to C and C++ that can be applied to large swathes of existing code. Finally, deep interoperability between the memory-safe language and existing C and C++ without sacrificing memory safety. This talk will explore all three aspects of this approach in the context of Swift, and will reflect on lessons learned for both programming language design and rollout in an established software system.

Speakers

Doug Gregor