hot take about the programming world 

We've known for at least a decade that memory safety vulnerabilities are *by far* the most common and destructive type of security vulnerability in software. That's not a hypothesis, we have data for this, and have had it for a long time - it's been true ever since parameterized queries nearly eliminated SQL injections. It's not in question.

The fact that, despite this overwhelming data for over a decade, and despite things like Rust existing, the programming community at large *still* hasn't broadly acknowledged that memory safety is a high-priority threat to software security that warrants a drop-everything response, raises some extremely uncomfortable questions about the competence and trustworthiness of the field as a whole.

It also draws some similarly uncomfortable parallels with the pandemic response by major governments.
