Software AND hardware need improvement
It is true that higher layers of software introduce system vulnerabilities which should be avoided at those levels. System development software also needs to be more secure. But we need security built in at the lower levels. We must have hardware that detects out-of-bounds accesses - that is fundamental to both security and software correctness.
While I agree much of the blame is on MS, a lot must also be put on systems developers from the Unix background. C is an inherently flaky language. Languages developed for writing an OS should NOT be used for other applications. Much of what they provide should be forbidden at applications or even higher-level system software. But the cult-of-C has seen it used everywhere, even for some OO languages I believe. This is not a good situation. The mean look of C syntax is even used for many other languages.
While the C philosophy of "trust the programmer" now seems at best naive, it really was stupidity, and perhaps in the future should be treated as criminal negligence. It really is time to sit up and take notice of the warnings many of us have been making about C for a long time, and the inherently weak processor architectures that are underneath C.
http://ianjoyner.name/C++.html
Biting the hand that feeds IT
