Microsoft targets 1M lines of C/C++ per engineer per month. Linux kernel removes Rust “experimental” tag. Memory safety convergence is here.

Two codebases. One week. The memory safety war just escalated.

Microsoft announced a plan to eliminate every line of C and C++ by 2030, targeting one million lines of code per engineer per month using AI agents. The Linux kernel maintainers just removed the “experimental” tag from Rust at the Tokyo Summit.

The industry’s two largest codebases are betting on the same future.

This is not coincidence. This is convergence. Memory safety is no longer theoretical. It is operational.

But convergence does not mean agreement. The controversy runs deep, and the technical trade-offs remain real.

The Microsoft Bet: AI-Powered Migration at Scale

Galen Hunt, Microsoft Distinguished Engineer, has an ambitious target: “eliminate every line of C and C++” by 2030.

Microsoft is building infrastructure to convert one million lines of code per engineer per month. They have approximately 500 active online portals to migrate. They are hiring Principal Software Engineers at 274,800 to staff the “Future of Scalable Software Engineering” group.

This is not a research project. This is industrial-scale code transformation.

I am a human writer who gets motivated to write more with your support! You don’t need to pay. I just need your clap 👏 if you like my story and comment ✍️ if you want to say something. You can follow me on Medium, LinkedIn, and Bsky.

Why AI Agents Change the Equation

Previous migration attempts failed because manual conversion does not scale. You cannot ask engineers to rewrite millions of lines by hand while maintaining feature parity.

Microsoft’s approach combines algorithmic analysis with AI agents. The AI handles pattern matching and boilerplate translation. Algorithms verify correctness. Engineers handle edge cases and architectural decisions.

This is the same pattern we see across enterprise AI adoption: augment expertise, do not replace it. The one million lines target assumes heavy automation with human oversight at critical decision points.

Memory safety is no longer a language philosophy debate. It is an engineering economics calculation: the cost of memory vulnerabilities versus the cost of migration.

The Linux Kernel Milestone: From Experimental to Core

December 2025 marked a turning point.

At the Tokyo Linux Kernel Maintainers Summit, Rust officially lost its “experimental” tag. After five years of debate, integration work, and pilot implementations, Rust is now core to the Linux kernel.

The maintainers reported “zero pushback” on the decision.

This matters because kernel development is conservative by necessity. The kernel runs on everything from supercomputers to embedded devices. Changes require consensus across a global community of maintainers with decades of C experience.

The First Rust CVE: What It Actually Means

Within days of the announcement, Linux kernel Rust code received its first CVE: CVE-2025–68260.

The vulnerability was a race condition in the Android Binder driver involving unsafe code. Some interpreted this as evidence that Rust’s safety promises are hollow.

The context tells a different story.

On the same day, the C portion of the kernel had 159 CVEs issued. One Rust CVE versus 159 C CVEs. The ratio speaks for itself.

The Controversy Remains

Not everyone agrees the transition is wise.

Christoph Helwig, a prominent kernel maintainer, called cross-language codebases “cancer.” His concern is not memory safety per se but the complexity of maintaining a polyglot kernel.

In September 2024, Wedson Almeida Filho, a Microsoft engineer working on Rust for Linux, resigned from the project. His reason: “non-technical nonsense.” The cultural friction between C veterans and Rust advocates remains real.

The debate over “unsafe” code in kernel context continues. Kernel development requires hardware access, interrupt handling, and memory-mapped I/O. Pure safe Rust cannot express all these operations. The question becomes: does marking unsafe code explicitly provide value, or does it create a false sense of security?

The 70% Problem: Why Memory Safety Matters

Both Microsoft and the Linux kernel community are responding to the same data.

Microsoft’s own research found that 70% of CVEs in their products stem from memory safety issues. Google reports similar numbers for Chrome. The statistics are consistent across decades and across organisations.

This is not a C versus Rust debate. This is a “how do we stop writing the same bugs” debate.

I have seen memory bugs cause production incidents, security reviews, and regulatory concerns. The cost is not just engineering time. It is business risk.

The Real Trade-Offs: What Migration Costs

Memory safety is not free. Both Microsoft’s and Linux’s approaches carry genuine trade-offs.

Compile Time Overhead

Rust’s borrow checker analysis takes time. Large codebases experience longer compile cycles than equivalent C. For kernel development, where rapid iteration matters, this friction is real.

Learning Curve

The ownership model is genuinely different. Engineers with decades of C experience face re-learning fundamental patterns. Microsoft’s training investment is substantial. The kernel community relies on documentation and mentorship that takes years to develop.

Ecosystem Maturity

C has fifty years of libraries, tools, and institutional knowledge. Rust has fifteen. The gap is closing but remains significant, especially for niche domains like kernel drivers for obscure hardware.

Interoperability Complexity

Calling Rust from C and C from Rust adds FFI boundaries. Each boundary is a potential bug source and a performance consideration. A hybrid codebase is more complex than a monolingual one.

What This Means for Your Architecture Decisions

The convergence moment creates a decision point for every systems team.

If you are starting new systems development: Rust is now a legitimate default choice. The ecosystem has matured. The tooling works. Microsoft and the Linux kernel are betting their futures on it.

If you are maintaining existing C/C++ codebases: Migration is not mandatory. The question is cost-benefit. Track your memory-related CVEs. If they represent significant security burden, evaluate incremental migration.

If you work in regulated domains: Memory safety alignment with compliance frameworks is coming. ISO standards and government procurement are beginning to mandate memory-safe languages for critical infrastructure. Plan accordingly.

The industry’s two largest codebases have decided. Memory safety is no longer experimental. The question is not whether to adopt it, but when.

Conclusion

Two codebases. Two approaches. One conclusion.

Microsoft bets on AI-powered mass migration, targeting complete C/C++ elimination by 2030. The Linux kernel takes an incremental path, absorbing Rust into its polyglot reality while managing cultural friction.

Both paths lead to the same destination: memory-safe systems as the operational default.

The controversy is not over. Maintainers will continue debating process. Engineers will continue arguing about unsafe blocks. The cultural tensions are real and will persist.

But the strategic direction is set. After decades of academic research on memory safety, after years of language debates, the production decision has been made. By the industry’s two most critical codebases. At the same time.

This is what convergence looks like.

If you are architecting systems today, the question is no longer “should we consider Rust?” It is “what is our memory safety timeline?”

Found this useful? A few claps help other architects and systems engineers discover these lessons.

What is your organisation’s position on memory safety? Are you evaluating Rust for new development, or does your C/C++ codebase still serve you well? The trade-offs vary by context.

I am a human writer who gets motivated to write more with your support! You don’t need to pay. I just need your clap 👏 if you like my story and comment ✍️ if you want to say something. You can follow me on Medium, LinkedIn, and Bsky.