by nicoburns 1876 days ago
> For many existing code bases (especially for projects with clearly defined scope) good enough is easier achieved by fixing up C code compared to a rewrite in a different language.

I feel like this is because our standards for "good enough" are so low, partly because languages like C and C++ make it so hard to do any better. It's true that there is a high cost to switching languages for an existing project, but the cost we are paying for all of our foundational tools and libraries being built in a shaky unsafe way is also huge.

Studies I've seen suggest that ~70% of security vulnerabilities in C and C++ codebases are bugs (memory safety, thread safety, undefined behaviour) that would be caught by static checks in other languages. Think how much time and effort goes into ensuring basic safety invariants in C codebases. Then think how many of the remaining logic bugs we could catch if that effort was spent entirely on finding them.