> You're misrepresenting the argument here. This is not just about newly > written software, but also about software that already has been written.
There are multiple arguments here. That comment of mine was addressing the claim that somebody (I think you) made that stated that it was too much to expect programmers writing security-critical code to understand these aspects of C. I agree with all the arguments about legacy code, but I'm much less tolerant of such arguments for NEW code.
