[pjmlp]

Which gets even better by still using C.

Large majority of CVEs in the update are related to memory corruption, out of bounds and use after free.

Naturally the logic and wrong permissions ones would happen regardless of the language.

[sitkack]

A strong enough type system can catch permission problems.

[pjmlp]

The solution there would be a capabilities based OS, however adoption hasn't been great on that regard.

[sitkack]

I'd love to see CHERI (for the room) and Wasm take off, no time like the present.

https://en.wikipedia.org/wiki/Capability_Hardware_Enhanced_R...

https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/