Comment by geocar

5 years ago

> Better programmers in C can't effectively eliminate whole classes of the most common fatal security vulnerabilities.

Sure they can, it just requires discipline. Most of djb's code (in C) has a lower defect count than most other implementations you'll find in any language, and the mistakes he does make are in relaxing his discipline when thinking it doesn't matter (because of privilege isolation -- something he later admitted was a mistake[1] -- or because nobody puts that much memory in a machine, because times change!).

[1]: https://cr.yp.to/qmail/qmailsec-20071101.pdf

> But that's no excuse to skip past "step 1".

Zeno would like a word. I'm arguing a different metaphor, not "try harder".

If it is true that programs get too big to maintain the level of discipline the language requires, and regardless of the language you're going to be confronted with defects, then the solution (in my mind) is smaller programs because only the small program has a chance of being correct in the first place.