Security holes you wind up with in a Java or whatever codebase take the form of logic errors allowing for compromise of user information, or SQL injection or command injection. These are bad, they totally compromise data and systems.
Security holes in C applications allow for the injection of low-level programs. This is way more annoying, IMO.
Also, the static and runtime tools for C are good, and getting better, but still very far from being a replacement for writing code in a memory-safe language.
Agree, and in C you still have all the bugs of the type that you describe for Java or whatever...
It's just that there is a lot of C out there, which means we will see it forever in our systems somewhere. It will get better over time as tools improve the existing C code base.