Not to mention static analysis tools that should detect one easily. Covert-channel analysis, required in security certs since 1980's, can find most information leaks. Some tooling existed for it, too. Use-after-free prevention is trickier on static analysis with only one, mainstream language doing temporal safety w/out GC's. So, 2 out of 3 easily prevented/caught with stuff decade or more old.