
Yes, it can; the proof is the security software that is written to do that in C/C++. Nobody is saying that the protection will protect you against all possible buffer exploits.


There are no guarantees that the security software is not exploitable given the quicksand it is built on.


What's the difference to my comment? I didn't make any assertion about warranties.


From a computer science point of view, if you are writing bug verification tools in an unsafe language, there is no guarantee the verification tool is giving safe results back.

The same unsafe constructs can cause memory corruption in the verification tool and lead to a behavior where the wrong decisions are taken.

So the fact that many C verification tools are written in C itself does not prove anything about how safe the language could be.

For me personally C could be much better if:

- There was no automatic decay from arrays into pointers (call an explicit operation to do so, like &a[0])

- There was a proper string type available

- Arrays were bounds-checked (with optional disabling of bounds checking, like many other languages offer)
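
The three wishes in the comment above can only be approximated by convention in today's C. The sketch below is an added example, not code from the thread or from any commenter; every name in it (`int_slice`, `SLICE_OF`, `slice_get`, `str16`, `str16_append`, `SLICE_NO_BOUNDS_CHECK`) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; every name here is hypothetical, not an existing API. */

/* After decay the callee holds only a pointer: the array length is gone. */
static size_t size_seen_by_callee(int *a) { return sizeof(a); }

/* Pointer plus length travel together instead of a bare decayed pointer. */
typedef struct { int *data; size_t len; } int_slice;

/* Explicit array-to-slice conversion. Must be given a true array; C cannot
   enforce that, which is the weakness the comment complains about. */
#define SLICE_OF(arr) ((int_slice){ (arr), sizeof(arr) / sizeof((arr)[0]) })

/* Checked read: 0 on success, -1 when idx is out of bounds.
   Building with -DSLICE_NO_BOUNDS_CHECK disables the check (opt-out). */
static int slice_get(int_slice s, size_t idx, int *out) {
#ifndef SLICE_NO_BOUNDS_CHECK
    if (idx >= s.len) return -1;
#endif
    *out = s.data[idx];
    return 0;
}

/* Minimal string type that knows its own length and capacity. */
typedef struct { char buf[16]; size_t len; } str16;

/* Append that refuses, rather than overflows, when src does not fit. */
static int str16_append(str16 *s, const char *src) {
    size_t n = strlen(src);
    if (n > sizeof(s->buf) - 1 - s->len) return -1;
    memcpy(s->buf + s->len, src, n + 1);   /* n + 1 copies the terminator */
    s->len += n;
    return 0;
}

int main(void) {
    int arr[4] = {10, 20, 30, 40}, v = 0;
    int_slice s = SLICE_OF(arr);
    str16 t = { "", 0 };
    int ok = str16_append(&t, "0123456789");   /* fits: 10 of 15 bytes */
    int rej = str16_append(&t, "abcdef");      /* 6 more would overflow */
    printf("caller sizeof=%zu, callee sizeof=%zu\n", sizeof(arr), size_seen_by_callee(arr));
    printf("get(3)=%d get(4)=%d\n", slice_get(s, 3, &v), slice_get(s, 4, &v));
    printf("append ok=%d, append too long=%d\n", ok, rej);
    return 0;
}
```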


I have studied computer science, thanks. You are arguing against something I never said.



