Re: It's "What's the best language" all over again
@DCFusor,
Great example with the strncpy() updates. What I have seen in my org though are people too lazy or unskilled to understand why strcpy() is an issue. So they just cargo cult code with strcpy()
compile it, and run. They're not thinking or even bothering to read the literature in their own field.
Obviously these need to be educated if possible and encouraged to succeed elsewhere when it is not. Any tool in the hands of a cargo cultist is dangerous, I don't think there is anything we can do with tools and architecture to mitigate incompetence.