I disagree. Assuming code complexity is roughly fixed, more sophisticated code analysis will result in a smaller surface area for bugs. Bugs will still be found, but there will be fewer bugs to be found and fewer opportunities to exploit.

I'd expect the bigger shift to be toward secure-by-construction building blocks: less custom code that needs to be audited from scratch, and more hardened or verified components where common bug classes are already designed out.

A similar concept is used in Rust, where code that needs unsafe sections is generally done in very isolated and very heavily scrutinized modules.