It is theoretically possible to give a loaded gun to a baby; things will probably work out fine. Searching for news about such mishaps, they are quite rare. Still, they do occur, and I suspect the industry has “warning labels” regarding leaving guns lying around.
strcpy-related security holes still occur these days, but I think they have been reduced. There has been a slight improvement; software is being written with a little bit more care. Fewer developers are handing strcpy “guns” to their users.
I believe the OpenBSD “warnings labels” do play a small part in improving the situation. You don’t need to reach all the grumpy programmers who believe they have godlike powers to avoid making overflow mistakes; if you reach some people, you get progress.
— Theo de Raadt
IMHO, nothing kills corner cases like polymorphism. Remove the conditions and you remove the dark corners where bugs like to hide.
— John Florian