> OK, sure. Avoiding C magically fixes security problems.
Did I claim this was the case? No, I didn't. But it does help, and not just because more modern languages are memory-safe.
> Avoiding C greatly reduces the risk of certain security problems (buffer overflow, stack smashing), assuming the non-C language is implemented securely. It does nothing about other security problems like race conditions, unsafe /tmp files, incorrect input sanitization (e.g., SQL injection problems), etc., etc.
Yeah, except that it does. Modern languages actually do help with these problems. A sanitized string is basically a subtype of an unsanitized string: you can use it everywhere an unsanitized string can be used, but you can't use an unsanitized string where a sanitized string is required. Too bad C's type system doesn't support subtyping. Similarly, race conditions are much less likely in a language that supports threading in a sensible way. The Rust language, for example, forces all inter-thread communication to be explicit; they use a concept named "channel" for this.
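An added example, not part of the comment above: a Rust sketch of both ideas, using a newtype with `Deref` to approximate the "sanitized is usable as unsanitized, but not the reverse" relation (Rust has no struct subtyping) and `std::sync::mpsc` channels for the thread hand-off. HTML escaping is assumed as the sanitization step, and `Escaped`, `render_comment` and `render_on_worker` are hypothetical names.

```rust
// Added example; `Escaped`, `render_comment`, `render_on_worker` are hypothetical names.
use std::{sync::mpsc, thread};

mod html {
    /// HTML-escaped text. The field is private, so `escape` is the only constructor.
    pub struct Escaped(String);
    impl Escaped {
        pub fn escape(raw: &str) -> Escaped {
            let mut out = String::with_capacity(raw.len());
            for c in raw.chars() {
                match c {
                    '&' => out.push_str("&amp;"),
                    '<' => out.push_str("&lt;"),
                    '>' => out.push_str("&gt;"),
                    '"' => out.push_str("&quot;"),
                    '\'' => out.push_str("&#x27;"),
                    _ => out.push(c),
                }
            }
            Escaped(out)
        }
    }
    /// `&Escaped` coerces to `&str`; nothing converts a `&str` into `Escaped` implicitly.
    impl std::ops::Deref for Escaped {
        type Target = str;
        fn deref(&self) -> &str { &self.0 }
    }
}
use html::Escaped;

/// Sink that demands escaped text: passing a plain `&str` or `String` does not compile.
fn render_comment(body: &Escaped) -> String { format!("<p>{}</p>", &**body) }

/// No shared state: raw input goes in on one channel, markup comes back on another.
fn render_on_worker(raw_inputs: Vec<String>) -> Vec<String> {
    let (raw_tx, raw_rx) = mpsc::channel::<String>();
    let (html_tx, html_rx) = mpsc::channel::<String>();
    let worker = thread::spawn(move || {
        for raw in raw_rx {
            html_tx.send(render_comment(&Escaped::escape(&raw))).unwrap();
        }
    });
    for raw in raw_inputs { raw_tx.send(raw).unwrap(); }
    drop(raw_tx); // closing the channel ends the worker's loop
    let out = html_rx.iter().collect();
    worker.join().unwrap();
    out
}

fn main() { println!("{:?}", render_on_worker(vec!["<b>hi</b>".to_string()])); } // constructed input
```

Replacing the call in the worker with `render_comment(&raw)` is rejected by the compiler with a mismatched-types error, which is the property the comment describes.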