Given the number of lines of C code out there the number of fuckups is a lot less than you'd expect. Because C is usually used in gatekeeper situations (operating systems, compilers, servers, network stacks) when there is a breach it is serious.
I find it hard to conceive of a posix compliant OS written in a higher level language, especially because of the lack of deterministic behaviour when handling interrupts and allocating memory. C is mind numbingly simple at that level which is exactly why it is used in these situations.
But every language makes it possible to write insecure code, C has its own unique challenges:
It isn't that long ago that somebody managed to get an exploitable scenario out of UTF-8, it took me a long time looking at the code to see how it was even possible. In a higher level language that sort of thing is more difficult to achieve, that's for sure.
I find it hard to conceive of a posix compliant OS written in a higher level language, especially because of the lack of deterministic behaviour when handling interrupts and allocating memory. C is mind numbingly simple at that level which is exactly why it is used in these situations.
But every language makes it possible to write insecure code, C has its own unique challenges:
It isn't that long ago that somebody managed to get an exploitable scenario out of UTF-8, it took me a long time looking at the code to see how it was even possible. In a higher level language that sort of thing is more difficult to achieve, that's for sure.