[kbenson]

Sure. I just meant that since they adopt and enforce the usage of secure equivalents to some common functions (e.g. some string utilities), and along with very strictly enforced rules about how code gets accepted, it's about the best we can expect in some situations. Not everyone is willing to consider using something other than C. I think the pragmatic approach is to point to C projects that have been largely successful in their security approach. If it causes them to adopt the onerous requirements for safe C, or to reevaluate their position, I count those both as positive outcomes.