Comment by btrask

10 years ago

The idea is that Rust (or something like it) is genuinely necessary to address it, because the necessary API is complex, as you say.

Rust does not write secure code...

developers do...

... and they (might) use something like Rust... they could also (believe it or not) use C.

  • The problem with writing secure software in C is not only the set of language features for numeric, array and pointer manipulation that make it so easy to write exploits.

    It is also the long list of compiler-specific behaviors, sometimes even version-specific, and UB. All of which are very hard for a human to keep in their head all the time.

    Hence why we have things like static analyzers, MISRA and Frama-C, and still things fall through the cracks.

  • Of course it's possible to write secure code in C, just as it's possible to write non-secure code in Rust. You can also drive a car at high speed with no seatbelts or airbags. If your code absolutely needs to be written in C, then do it, and do it carefully. If you're starting a new project and security is a concern, you ought to consider wearing a seatbelt.

  • (safe) Rust allows developers the freedom to focus on logic, and not memory safety or undefined behavior. Being able to focus on just logic is why people have turned to memory safe languages for years. Rust finally does it with almost no runtime cost over that of C.

    Even unsafe Rust offers more guarantees than C. But it is a spot where you can remove the guard rails.

    C was/is an amazingly performant language, but you're kidding yourself if you believe that most developers can write software as securely in it as they could in Rust.
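The thread above argues the point in the abstract: C's numeric and pointer rules make a wrong length check into an out-of-bounds read, safe Rust turns the same mistake into an error or a panic, and `unsafe` is the one place the guard rail comes off. The following is an added example written for this page, not code from any commenter or project. It parses a constructed length-prefixed record (an assumed layout of a 4-byte big-endian length followed by the payload) three ways: with checked arithmetic, with the length check written the way it is commonly written in C, and with that same buggy check followed by `get_unchecked`. All function names, the `ParseError` type and the sample inputs are assumptions made for the example.

```rust
use std::panic;

/// Record layout assumed for this example: [len: u32 big-endian][payload: len bytes].
/// The inputs below are constructed samples, not captured traffic.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,
    LengthOverflow,
}

/// Safe Rust parser. Every addition is checked and every slice access is
/// bounds-checked by the language, so a hostile length yields an Err rather
/// than a read past the end of `buf`.
pub fn parse_record(buf: &[u8], offset: usize) -> Result<(&[u8], usize), ParseError> {
    let hdr_end = offset.checked_add(4).ok_or(ParseError::LengthOverflow)?;
    let hdr = buf.get(offset..hdr_end).ok_or(ParseError::Truncated)?;
    let len = u32::from_be_bytes([hdr[0], hdr[1], hdr[2], hdr[3]]) as usize;
    let end = hdr_end.checked_add(len).ok_or(ParseError::LengthOverflow)?;
    let payload = buf.get(hdr_end..end).ok_or(ParseError::Truncated)?;
    Ok((payload, end))
}

/// The length check as it is often written in C:
///   uint32_t end = offset + 4 + len; if (end > size) fail;
/// The 32-bit addition wraps for a hostile `len`, so the check passes and
/// the returned (start, len) pair does not fit in `buf`.
fn c_style_bounds(buf: &[u8], offset: usize) -> Result<(usize, usize), ParseError> {
    let hdr = buf.get(offset..offset + 4).ok_or(ParseError::Truncated)?;
    let len = u32::from_be_bytes([hdr[0], hdr[1], hdr[2], hdr[3]]);
    let end = (offset as u32).wrapping_add(4).wrapping_add(len); // wraps like uint32_t
    if end as usize > buf.len() {
        return Err(ParseError::Truncated);
    }
    Ok((offset + 4, len as usize))
}

/// Safe Rust with the buggy check: the wrapped check passes, but the slice
/// index is still bounds-checked, so this panics instead of reading past `buf`
/// (where C's memcpy of `len` bytes would read out of bounds).
pub fn parse_record_c_style(buf: &[u8], offset: usize) -> Result<&[u8], ParseError> {
    let (start, len) = c_style_bounds(buf, offset)?;
    Ok(&buf[start..start + len])
}

/// Unsafe Rust with the buggy check: `get_unchecked` removes the guard rail,
/// and with a hostile length this is undefined behaviour exactly as in C.
/// It is therefore only ever called on well-formed input here; the point is
/// that the `unsafe` block is the one auditable spot where the rail came off.
pub fn parse_record_unchecked(buf: &[u8], offset: usize) -> Result<&[u8], ParseError> {
    let (start, len) = c_style_bounds(buf, offset)?;
    // SAFETY: sound only if start + len <= buf.len(); the wrapped check above
    // does NOT guarantee that, which is the whole bug.
    Ok(unsafe { buf.get_unchecked(start..start + len) })
}

/// Runs `f` and reports whether it panicked, so the bounds-check failure can
/// be observed without aborting the program.
pub fn panics<F: FnOnce() + panic::UnwindSafe>(f: F) -> bool {
    panic::catch_unwind(f).is_err()
}

/// Constructed inputs: a well-formed record and one whose length is 0xFFFF_FFFF.
pub const GOOD: [u8; 8] = [0, 0, 0, 4, b'a', b'b', b'c', b'd'];
pub const HOSTILE: [u8; 8] = [0xFF, 0xFF, 0xFF, 0xFF, b'a', b'b', b'c', b'd'];

fn main() {
    println!("safe, good:    {:?}", parse_record(&GOOD, 0));
    println!("safe, hostile: {:?}", parse_record(&HOSTILE, 0));
    println!(
        "c-style check, hostile input panics instead of reading OOB: {}",
        panics(|| {
            let _ = parse_record_c_style(&HOSTILE, 0);
        })
    );
}
```

Run it with `cargo run --release` as well as in debug: the wrapped `u32` addition behaves the same in both, and the slice bounds check is never removed, which is the "almost no runtime cost" trade the last comment refers to. A grep for `unsafe` finds the only function that could turn the bad check into a memory read.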