Russ Cox

The Story

The Man Who Made Go Work

Russ Cox is the kind of engineer who makes other engineers feel better about their own work - not because he fails, but because he explains failure so well. A Distinguished Engineer at Google and the technical lead of the Go programming language for over a decade, Cox is the steady hand behind one of the most commercially successful programming languages of the last twenty years.

He is not a celebrity technologist. He does not post hot takes. His Twitter bio reads "Go Hacker. Mistake maker." and that is a more accurate self-portrait than most engineers manage. What Cox does instead of performing is build. The regex engine. The module system. The compatibility guarantee that lets Go programs written in 2012 compile unchanged in 2024. These are not glamorous achievements. They are the kind of achievements that hold the internet together without anyone noticing.

He grew up near Bell Labs, spent time in its computer science department as a high schooler, and absorbed a philosophy that still shows in his work: build something that actually runs, make it fast, make it safe, and document it so clearly that future engineers understand not just the what but the why. The Bell Labs DNA is unmistakable.

Lost interest in having the newest technology long ago. I like to find things that work and stick with them.

After stepping down as Go's technical lead in September 2024, Cox shifted focus to something new: AI-powered agents that help open source maintainers do the grinding, unglamorous work that keeps software alive. The project is called Gaby and Oscar. It is very Cox - practical, security-conscious, and aimed at the part of the problem everyone else is ignoring.

Quick Facts

Full Name Russell Stensby Cox

Known As Russ Cox / rsc

Nationality American

Current Role Distinguished Engineer, Google

Email rsc@swtch.com

Website swtch.com

Research Blog research.swtch.com

GitHub @rsc

Mastodon @rsc@hachyderm.io

Focus Go, Security, AI Tooling

Formation

Education

Bachelor of Science

Harvard University

Computer Science

Master of Science

Harvard University

Computer Science

PhD, Computer Science

MIT

Parallel & Distributed Systems

Track Record

What He Built

RE2 - The Safe Regex Engine

Created RE2, a regex engine that guarantees linear-time matching using automata theory. Eliminates the ReDoS attack class entirely. Used in production at Google since 2006 and adopted across the industry.

Go Language - 12 Years of Stewardship

Technical lead of the Go programming language from 2012 to 2024. Oversaw the language's growth into one of the most widely used systems languages, including the landmark generics release in Go 1.18.

Google Code Search

Built as an intern project in 2006 using trigram indexing. Launched October 5, 2006. Indexed billions of lines of code and became a beloved developer tool before being shut down in 2012.

Plan 9 from User Space

Ported almost all Plan 9 user-level software to FreeBSD, Linux, and macOS. Now more widely used than Plan 9 itself. Made Bell Labs' OS research accessible to working engineers.

Go Module System

Designed and led the Go module system and versioning approach, solving dependency management for millions of Go programs. The compatibility guarantee ensures Go code keeps working across decades.

libtask - Coroutine Library

Created libtask, a simple coroutine library for C with cooperative scheduling and channels. Directly influenced the concurrency model that became Go's goroutines and channels.

In Depth

The Long Game

The Regex Papers That Changed How People Think

In 2007, Cox published "Regular Expression Matching Can Be Simple And Fast" on his personal site. It was not a paper submitted to a conference. It was not reviewed by a committee. It was just a precise, beautifully written explanation of why most regex engines are dangerously slow - and how they don't have to be. The piece spread through the programming community the way good explanations always do: person by person, link by link, until it became required reading.

The series continued through 2012 - four articles in total, covering the virtual machine approach, automata theory, and real-world regex behavior. Today, those articles are cited in university courses, security research, and engineering onboarding documents. The writing is Cox at his most characteristic: no unnecessary words, no hand-waving, and the kind of worked examples that make a difficult concept click.

RE2, the library that emerged from this research, is the practical result. It's in use at Google, Cloudflare, and countless other organizations - not because it's faster than every alternative in every case, but because it's predictably fast. It eliminates the entire class of regex denial-of-service vulnerabilities by design. That is a security property, not a performance feature. Cox understood the difference.

Go's Compatibility Guarantee - The Underrated Masterwork

Most of the public conversation about Go focuses on goroutines, channels, and the recent addition of generics. Cox's contribution that may matter most over the long term is quieter: the Go 1 compatibility guarantee, which promises that programs written for Go 1.0 will continue to compile and run correctly in all future Go 1.x releases.

This sounds like a modest promise. It is not. Maintaining backward compatibility across a decade of language evolution requires constant discipline, careful tooling, and the willingness to tell people "no" when they propose changes that would break existing code. Cox led this effort for over a decade. The result is a language where upgrading the compiler is not a project - it is a Tuesday afternoon task.

He has spoken publicly about how the Go team tests compatibility: running every public Go module against new releases, catching regressions before they ship. This is not heroic. It is methodical. It is exactly the kind of work that never gets a TechCrunch article and keeps millions of production systems running.

Generics: The Long Wait Paid Off

Go's lack of generics was the community's longest-running complaint. Cox and the team were aware of the demand - he addressed it directly in his "The Future of Go" keynote at GopherCon 2017. The decision to wait was deliberate: the Go team wanted to understand the use cases before committing to a design, because a poorly designed generics system would be worse than none.

Go 1.18, released March 15, 2022, introduced generics using type parameters. It was Go's most significant language change since the original release. Cox framed it clearly: "Generics are the most significant change to Go since Go 1." The wait produced a design that fits Go's philosophy - powerful enough to eliminate significant boilerplate, restrained enough to keep code readable.

Supply Chain Security - Before It Was a Crisis

Long before the xz backdoor attack made supply chain security front-page tech news, Cox was writing and speaking about it. His 2019 piece "Surviving Software Dependencies" in Communications of the ACM laid out the risks of the open source dependency ecosystem with characteristic clarity. He co-authored research on Google's approach to supply chain security and presented at ACM SCORED 2023.

When the xz attack emerged in April 2024 - a sophisticated, years-long effort to insert a backdoor into a widely used compression library - Cox published one of the most detailed technical analyses of what happened, including a timeline and a line-by-line walkthrough of the attack shell script. It is the kind of writing that turns a frightening incident into teachable knowledge.

After Go: AI for the Maintainers Nobody Thinks About

When Cox stepped down as Go's technical lead in September 2024, he did not retire or shift to management. He started building something new. Gaby and Oscar are AI agent systems designed to help open source maintainers with the work that burns people out: triaging issues, identifying duplicates, managing the perpetual backlog of a popular project.

The first capability - automatically identifying similar issues when new ones are submitted - launched June 7, 2024. It uses Google's Gemini LLM and is described by Cox as currently the most impactful feature. The goal is not to replace human maintainers but to give them leverage over the parts of the job that are purely mechanical. This is classic Cox: identify the actual problem, build the minimal thing that addresses it, iterate from there.

His blog at research.swtch.com continues to publish original technical work. In January 2026, he published a series on floating-point formatting that covered Knuth's fixed-point printer, floating-point printing and parsing, and fast unrounded scaling. These are not hot topics. They are hard topics. Cox writes about them because they matter, and because he has thought about them more carefully than most.

Career Arc

How We Got Here

~1990s

Spent time at Bell Labs computer science department during high school and college. First exposure to Plan 9 and the Unix philosophy that would shape his career.

2002

Created Plan 9 from User Space - porting Plan 9's tools to Linux, FreeBSD, and macOS. Recognized that the internet had won, and made peace with it productively.

2004

Joined Google as a software engineer. Began PhD at MIT in the Parallel and Distributed Operating Systems group under Barbara Liskov and Frans Kaashoek.

2006

Built Google Code Search as an intern project using trigram indexing - launched October 5, 2006. Began work on RE2, putting regex research into production.

2007-2012

Published landmark series of four articles on regular expression theory. These became essential reading in computer science education and security research.

2012

Joined the Go team at Google as technical lead. Go had been open source for three years and was beginning its ascent in industry adoption.

2019

Published "Surviving Software Dependencies" in Communications of the ACM - a prescient analysis of open source supply chain risks.

2022

Go 1.18 released with generics. Cox called it "the most significant change to Go since Go 1." Twelve years of discipline paid off in a clean design.

Apr 2024

Published detailed technical analysis of the xz open source backdoor attack (CVE-2024-3094) - one of the most thorough public post-mortems available.

Jun 2024

Launched Gaby, an AI bot for open source issue management using Google Gemini. First prototype of a broader vision for AI-assisted maintenance.

Sep 2024

Stepped down as Go technical lead after 12+ years. Austin Clements named successor. Cox remains involved and shifts focus to new AI tooling work.

2025-26

Continues publishing original research on research.swtch.com. Recent work covers floating-point formatting, differential coverage debugging, and bisect debugging in compilers.

The Portfolio

Things He Made

Regex

RE2

Safe, linear-time regex engine. Eliminates ReDoS attacks by design. In production at Google since 2006. The industry standard for handling untrusted patterns.

Language

Go

12+ years as technical lead. Oversaw generics, modules, fuzzing, and the compatibility guarantee. One of the most commercially adopted open source languages.

AI Tooling

Gaby & Oscar

AI agent system for open source maintenance. Identifies similar issues automatically. Powered by Google Gemini. Aimed at giving maintainers leverage over the mundane.

Systems

Plan 9 USpace

Port of Plan 9's best tools to Linux, FreeBSD, and macOS. Now more widely used than Plan 9 itself. The pragmatic survival of Bell Labs' OS research.

In His Words

What Russ Cox Says

"

Lost interest in having the newest technology long ago. I like to find things that work and stick with them.

"

The goal of the Go 1 compatibility guarantee is to make sure your programs keep working.

"

Generics are the most significant change to Go since Go 1.

"

Regular expression matching need not be this slow. Automata theory provides the tools to do it better.

The Details

Things Worth Knowing

! His domain swtch.com is a reference to "switch" - the networking concept. Not the Nintendo console.
! libtask, his C coroutine library, directly influenced Go's goroutines and channels - arguably his least-credited but most consequential contribution to the language.
! He is one of the few engineers alive who worked directly with both Ken Thompson and Rob Pike on two separate influential projects: Plan 9 and Go.
! Google Code Search, which he built as a 2006 intern project, was shut down in 2012. He open-sourced the implementation. Developers still mourn it.
! His 2007 regex articles are still widely cited in computer science courses and security research nearly two decades after publication.
! He made a 2024 resolution to reduce posting on Twitter/X and migrated primarily to Mastodon (hachyderm.io) and Bluesky. He kept the resolution.

Stories

The Anecdotes

01 Cox grew up near Bell Labs and spent time in the computer science department during high school and college - not as an intern, just as someone who showed up. This informal apprenticeship alongside the people who built Unix left a mark that's visible in every piece of software he has shipped.

02 He used Plan 9 as his day-to-day operating system until around 2002. When he recognized that the internet had made Plan 9's model non-viable, he didn't mourn it - he ported its best tools to Linux and macOS and moved on. This is characteristic: unsentimental pragmatism in service of actual usefulness.

03 Google Code Search started as an intern project when Jeff Dean suggested building a web grep interface over the world's public source code. Cox built it using trigram indexing, launched it in October 2006, and it became a beloved developer tool. Google killed it in 2012. Developers have been upset about this for over a decade.

04 When the xz backdoor attack emerged in April 2024 - one of the most sophisticated supply chain attacks ever documented - Cox published a detailed technical walkthrough within weeks. Not because he was required to. Because explaining things clearly is what he does with hard problems.

Recent Activity

Latest from Russ Cox

Jan 2026

Published floating-point formatting series on research.swtch.com: Knuth's Fixed-Point Printer, Floating-Point Printing and Parsing, Fast Unrounded Scaling.

Apr 2025

Published "Differential Coverage for Debugging" - a practical technique for isolating bugs using coverage information.

Sep 2024

Stepped down as Go technical lead after 12+ years. Austin Clements named successor. Cox remains involved with the project.

Jul 2024

Published "Hash-Based Bisect Debugging in Compilers and Runtimes" - a practical tool for compiler and runtime debugging.