It is theoretically possible to give a loaded gun to a baby; things will probably work out fine. Searching for news about such mishaps, they are quite rare. Still, they do occur, and I suspect the industry has “warning labels” regarding leaving guns lying around.

strcpy-related security holes still occur these days, but I think they have been reduced. There has been a slight improvement; software is being written with a little bit more care. Fewer developers are handing strcpy “guns” to their users.

I believe the OpenBSD “warnings labels” do play a small part in improving the situation. You don’t need to reach all the grumpy programmers who believe they have godlike powers to avoid making overflow mistakes; if you reach some people, you get progress.

— Theo de Raadt

IMHO, nothing kills corner cases like polymorphism. Remove the conditions and you remove the dark corners where bugs like to hide.

— John Florian

via Distribution quote of the week [LWN.net].