[lmm]

> What if all these areas where we use memory-unsafe technologies were replaced by memory managed technologies like C#, Python, Go, etc. Sure, lots of things would run slower (raw TLS in Python, yay), BUT would there suddenly just be less exploits?

Yes. We'd see at least a 30% reduction in exploits, and in the overwhelming majority of use cases the slowdown wouldn't be relevant. Software in those areas would also get written a lot quicker.

The trouble is that there's no incentive to do this, at any level. Software would probably crash more (because one of the biggest ways memory-safe languages avoid security issues is by turning silent corruption into visible crashes). No-one cares if you deliver the project in 50% less time than it would otherwise take (you're still missing the schedule), but everyone cares if it's 50% slower on a meaningless microbenchmark. And C bros no longer get to slap each other on the back about what l33t h4x0rs they are. (I suspect, cynically, that one of the reasons Rust is the language that's finally getting to replace C, is that it's that rarest of memory-safe languages that puts an equal amounts of (mostly) pointless difficulty on the programmer).