Perhaps the correct statement is something like "70% of security vulnerabilities in large projects written in C or C++ are memory safety issues", with the understanding that there is a lot of software that is subject to that statistic and a lot that isn't.
And yet the memory safety advocates everywhere are waving that number around like 70% of all security issues are caused by memory safety.
I note the Chromium project also says "The Chromium project finds that around 70% of our serious security bugs are memory safety problems." https://www.chromium.org/Home/chromium-security/memory-safet...
Then you get headlines like this: "Microsoft: 70 percent of all security bugs are memory safety issues", which is flat out wrong and contradicts itself in the first line of the article.
https://www.zdnet.com/article/microsoft-70-percent-of-all-se...
The HN post that we are commenting on even says "To me, the fact 70% of security vulnerabilities arise from a lack of memory safety is not the reason that memory safety is important." which is also false and certainly needs clarification.