@andreasdotorg @lanodan @ariadne All I'm really saying here is, the memory corruption RCE vulns tend to be in things that are heinously complex and hard to implement correctly (or even define correctness for), and meanwhile my professional experience and that of my colleagues is dominated by things like logic bugs in managed code that just give up all the sensitive data for fun, and nobody keeps track of those bugs, and I see no work on systematic mitigations for them.