Hacker News
by komali2 1211 days ago
Sounds like folks like you must have been doing a really good job if it's that much harder to exploit vulnerabilities!
3 comments

Yeah, ultimately the goal of infosec is to make itself obsolete. On the one hand, it seems to be working because exploiting things has become more difficult/expensive. On the other hand, cyber attacks seem more rampant than ever, because exploiting things has also become more lucrative. So are the effects of the infosec industry real? Or is it just an arms race?
We still find SQL Injection at an alarming rate... but yes, eventually it would be nice to make it nearly impossible to do the wrong thing by default for programmers. That is the dream. Information systems are just too vast and complex for that to be true on any time scale I could predict for you, though, so job security seems pretty good!
Yep, memory corruption bugs on a modern OS are really hard, but still possible. That’s why sketchy firms like those that build Pegasus now pay 7 figures for a locked and loaded iOS exploit, which objectively does the same thing mine did a decade or so before. :)
I think it's more like software developers have gotten better, leaving less room for cyber security.

When I first started, any idiot could hack a web application because nearly all of them had silly exploits like SQL injection.

We all collectively made developers better. Anyway, memory corruption is mostly stopped by the kernels and memory corruption mitigation strategies. Mostly implemented by security-focused devs and guided by information security research. It’s a yin and yang thing. We find stuff, the community and big organizations research and figure out new mitigation strategies etc. It is an ecosystem with many loops that have security researchers and bug hunters almost everywhere.