Stop Using C and C++
70% or more of exploitable CVE bugs are related to the "undefined behaviour" that comes from the C and C++ languages. A simple index error in the kernel will often yield total control to an attacker. We had the "ping of death" and the "gethostbyname() kernel takeover".
Face it: all human programmers make mistakes, because they are tired, sick with the flu, had a squabble with the wife, etc. These 70% of bugs will always be there if we continue to use C and C++.
Mathematical proof is too expensive/unheard of for most application fields, so we can rationally exclude that option.
Rust, Swift, Java, C#, Vala and some others are the way to go.
With strong typing at both compile time and runtime, we can eliminate 70% of bugs!
Here is Tony Hoare saying the same thing: https://www.infoq.com/presentations/Null-References-The-Billion-Dollar-Mistake-Tony-Hoare/
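The index-error claim above, as an added example (not part of the original post): an off-by-one index in C silently overwrites a neighbouring privilege flag, shown next to the same loop with the bounds check that Rust, Java or C# perform automatically. The arena layout, function names and sample input are constructed for illustration; a flat array models the adjacent memory so the run is deterministic, whereas a real out-of-bounds write is undefined behaviour.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed layout in one flat arena, so every access here is defined C:
 * bytes 0..7 are a name field, byte 8 is a privilege flag right behind it. */
#define NAME_LEN  8
#define FLAG_OFF  NAME_LEN
#define ARENA_LEN (NAME_LEN + 1)

/* Constructed input: 8 name bytes plus one extra byte an attacker chose. */
static const unsigned char SAMPLE[ARENA_LEN] =
    {'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 1};

/* A plain C array store: the index is trusted, nothing is checked. */
static void store_unchecked(unsigned char *arena, size_t idx, unsigned char v)
{
    arena[idx] = v;
}

/* The check a bounds-checked language performs on every indexing operation. */
static int store_checked(unsigned char *arena, size_t idx, unsigned char v)
{
    if (idx >= NAME_LEN)
        return -1;  /* Rust would panic, Java would throw; here we refuse */
    arena[idx] = v;
    return 0;
}

/* Copies a name with an off-by-one loop bound and returns the flag byte.
 * `in` must hold at least len + 1 bytes. */
static unsigned char copy_name(const unsigned char *in, size_t len, int checked)
{
    unsigned char arena[ARENA_LEN] = {0};  /* flag starts at 0: unprivileged */
    for (size_t i = 0; i <= len; i++) {    /* BUG: should be i < len */
        if (!checked)
            store_unchecked(arena, i, in[i]);
        else if (store_checked(arena, i, in[i]) != 0)
            break;                         /* write rejected, error surfaced */
    }
    return arena[FLAG_OFF];
}

int main(void)
{
    printf("unchecked: flag=%u\n", copy_name(SAMPLE, NAME_LEN, 0));
    printf("checked:   flag=%u\n", copy_name(SAMPLE, NAME_LEN, 1));
    return 0;
}
```

The buggy loop is identical in both runs; only the store differs, which is why the checked variant turns silent corruption into a reported error without the programmer having to notice the off-by-one.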