For two decades, memory safety was treated as a discipline problem — write better C. In 2026 it is an economic and regulatory one. A survey of the 70% number, the Android CVE data that finally proved the fix, where Rust actually landed across kernels, what Carbon is really for, the regulations putting teeth behind it, and the honest decade-long path out of a hundred-billion-line C/C++ installed base.
Cisa
-
Memory Safety in 2026: The CVE Data, the Regulatory Cliff, and the Long Goodbye to C