Why Exaba Bet on Rust

Quick clarification before we start. When we talk about Rust, we’re not talking about metal fatigue, oxidation, or anything you’d find in a workshop. Rust is a modern programming language, one increasingly used to build the most critical infrastructure software in the world. (Apologies to the tech guys! We felt we might need to make that distinction up front)

So, does the choice of programming language really matter? The short answer is yes. Most people never think about what software is written in. That is… until something breaks.

When systems fail, it’s never convenient. ever! In those moments, the “invisible” engineering decisions, how software was designed, tested, and written suddenly become very visible.

There is a reason why the US government now states that all new government critical systems are written in memory safe language. For systems designed around security and compliance, it makes sense to build safety at the foundational level.

However, for decades, infrastructure software followed a familiar pattern. C and C++ for performance. Java for developer productivity. Python for orchestration and data. These languages built the internet, but as the internet grew in size, so did its complexity. This complexity has led to a fundamental security weakness in these languages.

The numbers are a little uncomfortable. Microsoft has publicly stated that around 70% of its security vulnerabilities are caused by memory-safety issues, most commonly associated with C and C++. That’s not poor engineering. It’s what happens when developers are expected to manually manage memory perfectly, at scale and under pressure.

Rust exists because that trade-off stopped making sense.

Rust was designed specifically for building low-level, high-performance systems without relying on human discipline alone. Its ownership model, strict compiler checks, and explicit concurrency rules force correctness before code ever runs. If your code could leak memory, race across threads, or access data unsafely, Rust simply refuses to compile it.

This isn’t theory, it’s proven in production.

Mozilla, the original sponsor of Rust, dramatically reduced critical memory vulnerabilities by replacing C++ components in Firefox. Amazon Web Services uses Rust extensively in Firecracker, Nitro, and S3-adjacent services where isolation, security, and performance are non-negotiable. Cloudflare reports significantly fewer critical bugs per line of Rust than C in systems operating at global internet scale.

Creating the standard

This is no longer experimentation. It’s an industry correction. So why Rust and why should you care?

1. Memory Safety Without Compromising Performance
Rust eliminates entire classes of bugs, buffer overflows, use-after-free, null pointer dereferencing at compile time. There’s no garbage collector and no runtime penalty. You get near-metal performance with dramatically reduced exploit risk.

2. Concurrency You Can Trust
Modern storage platforms are massively parallel by default. Rust turns data races into compiler errors, not late-night incidents. If code isn’t thread-safe, it simply won’t build.

3. Predictable Behaviour Under Pressure
Garbage-collected languages can pause unpredictably. Rust doesn’t. That means consistent latency even during rebuilds, replication, or failure recovery, exactly when predictability matters most.

4. Smaller Security Blast Radius
Unsafe operations in Rust must be explicitly declared. Engineers know precisely where risk exists and why. This drastically reduces the impact of bugs that do make it through.

5. Lower Operational Cost Over Time
Fewer critical bugs means fewer emergency patches, fewer outages, and fewer sleepless nights. Rust reduces not just technical risk, but operational overhead.

Why This Matters for Storage 

Storage is one of the hardest classes of software to build correctly. Thousands of simultaneous reads and writes. Continuous replication. Erasure coding rebuilding data while workloads stay live. In traditional languages, this relies heavily on testing, process, and hope.

Rust removes many of those failure modes entirely. The term ‘rust’ came from a philosophy that this code was designed to be written and then left to ‘rust’, sit there forever without having to be touched again. Because, when things get touched, they sometimes break! That’s why Exaba built its LocalScaler Object Storage solution in Rust. A robust software code that removes significant risk.

This isn’t just about storing more data. It’s about predictable behaviour, even when things go wrong. Rust allows Exaba to deliver high-throughput, S3-compatible storage without garbage collection pauses, while enforcing strong memory isolation between tenants and safer concurrency during rebuilds and replication.

When a customer  is restoring data after say a ransomware attack “usually safe” isn’t good enough. You need software that refuses to let dangerous behaviour exist in the first place.

Even the Linux kernel is now accepting Rust contributions. Microsoft mandates Rust for new security-sensitive components. AWS and Cloudflare are building core infrastructure on it. The direction of travel is clear.

Rust doesn’t make software perfect. It makes entire categories of failure impossible.

For Exaba, choosing Rust wasn’t about chasing trends or being clever. It was about trust. Because when your customers’ data is on the line, the safest system is the one whose mistakes never compile.Exaba is building the world’s first LocalScaler storage service for MSP, data centers, cloud providers and enterprise. To find out more about how Exaba is building the future of data storage, visit www.exaba.com or reach out and talk to one of our team.