by bsder 928 days ago
> However, there's nothing about C that prevents writing secure code in it

C doesn't prevent you from writing secure code, but it sure as hell makes it hard.

I believe it was Bryan Cantrill who made the problematic observation that the main issue is that C code doesn't compose.

I can write a perfectly correct library. You can write a perfectly correct library. When somebody else brings those two correct libraries together, though, the result can be terribly broken.

This is where the GC languages and Ada and Rust kick C and C++ asses.
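The composition failure described above, as an added illustration that is not part of the original thread and does not come from any real library: two pieces of C that are each correct under their own documented contract, combined in a way that silently produces the wrong answer. "Library A" (a hypothetical name) returns a pointer into a single static buffer, the same convention as `getenv` or `strerror`; "library B" (also hypothetical) holds that pointer across a second call to A. Nothing in the language or the compiler flags the aliasing, so the defect only shows up at the seam between the two.

```c
#include <stdio.h>
#include <string.h>

/* "Library A" (constructed for this example): formats an integer as text.
   Its documented contract: the result lives in one static buffer and is
   valid only until the next call. Correct on its own terms. */
const char *lib_a_itoa(int n) {
    static char buf[32];
    snprintf(buf, sizeof buf, "%d", n);
    return buf;
}

/* "Library B" (constructed): builds "a,b" from two integers. Each line is
   locally reasonable, but sa still points into A's buffer when A is called
   again, so both pointers alias the same storage and the output is "b,b". */
int lib_b_pair_naive(int a, int b, char *out, size_t outsz) {
    const char *sa = lib_a_itoa(a);
    const char *sb = lib_a_itoa(b);   /* overwrites what sa points to */
    return snprintf(out, outsz, "%s,%s", sa, sb);
}

/* Corrected composition: copy A's result into caller-owned storage before
   calling A again, and bounds-check the copy rather than trusting the size. */
int lib_b_pair_safe(int a, int b, char *out, size_t outsz) {
    char sa[32];
    const char *tmp = lib_a_itoa(a);
    if (strlen(tmp) >= sizeof sa)
        return -1;                    /* would not fit; refuse instead of truncating */
    strcpy(sa, tmp);
    const char *sb = lib_a_itoa(b);
    return snprintf(out, outsz, "%s,%s", sa, sb);
}

/* Helper so the behaviour of either variant can be checked as a return value:
   1 if calling f(a, b) yields exactly `expect`, else 0. */
int pair_matches(int (*f)(int, int, char *, size_t), int a, int b, const char *expect) {
    char out[64];
    if (f(a, b, out, sizeof out) < 0)
        return 0;
    return strcmp(out, expect) == 0;
}

int main(void) {
    char out[64];
    lib_b_pair_naive(1, 2, out, sizeof out);
    printf("naive: %s\n", out);        /* 2,2 */
    lib_b_pair_safe(1, 2, out, sizeof out);
    printf("safe:  %s\n", out);        /* 1,2 */
    return 0;
}
```

The usual mitigations live outside the type system: document lifetime and ownership at every API boundary, prefer reentrant variants that take caller-supplied buffers (`strerror_r` rather than `strerror`), and run the combined program under a sanitizer or a fuzzer, since the unit tests of A and B both pass in isolation.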


There is this reasonably small C library used by literally the entire world that you may want to look into, the Linux kernel.

You may also note that in the general case even your beloved Rust and GC languages need to drop down to C the moment they want to interoperate with anything else.

> There is this reasonably small C library used by literally the entire world that you may want to look into, the Linux kernel.

WTF? The Linux kernel is gigantic. And is a prime example of non-composable fail.

Most functions fail in bizarre ways if you have re-entrancy. Out of memory is handled in myriad different ways--if it's handled at all. System calls can fail in a zillion ways with very little ability to recover correctly. I can go on and on.

It was sarcasm...

Also, the reason something can fail for any reason whatsoever is that the Linux kernel cannot just decide to shut down your computer if a cosmic ray flips a bit while the CPU is reading from RAM.

The reason you can write your small library is because of the work done.

Also, the reason for my comment in general was that the Linux kernel is, in my opinion, the most used library on the planet and was, and still is, predominantly built in C.

Sometimes pretty APIs are not what you need. You need APIs that have done, and will continue to do, what needs to be done for decades.