Hacker News
by ArkyBeagle 3834 days ago
I'm just the wrong guy to ask about this - I know how to limit (if not eliminate) vulnerabilities, at least in what I control.

It's harder to fix culture problems with tools than we might think, in general. Perhaps future generations will look at 'C' the same way we look at open-belt farm machinery. I can't say. But the sheer volume of incumbent 'C' code bases will be around for a while.

1 comments

That's honest. :) I agree it will be around a while thanks to all the incumbent code. It's why I push for efforts to automatically deal with its issues at least for legacy code. Astree Analyzer, Softbound + CETS, CHERI processor, and CompCert compiler are all top examples of that. Links below. Enjoy. :)

http://www.absint.com/astree/index.htm

http://www.cs.rutgers.edu/~santosh.nagarakatte/softbound/

https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/201503...

http://compcert.inria.fr/