
It’s still true that most security issues are caused by human ineptitude, not clever vulnerability-hunting or burning sophisticated zero-days.


I would replace "human ineptitude" with "flawed system design that makes it very easy to make very bad mistakes"


"a common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools" - Douglas Adams


But is the flawed system design here the automated system at AWS or the human-in-the-loop systems by which companies are providing admin access to IT resources, including AWS accounts?


Probably both! But I would argue that below a certain size provisioning things by hand probably makes sense. A UI that makes it too easy to make a private thing public is never ok.


Sure, but I don't think the current EC2 UI makes it too easy (and the S3 UI could only make it harder by not making public and cross account access possible at all.)


That's a valid way to categorize all memory errors in C.


And I think we should absolutely hold that against C as a development language.


Once I mentioned on a mailing list Chrome’s reaction to a mouse driver bug on my computer: it would buffer JavaScript events and process them even for pages on a different domain.

Later I told the EFF I had a suspicion that iOS didn’t rate limit input events to the lock screen; independently, a researcher found out about it a month later.

Even if there are zero days, I don’t think finding them is a particularly noteworthy or rewarding task.



