It's too easy to just blame C, it's their slap-dash, design-by-committee kitchen-sink features, lack of process, absense of rigor and generally amateurish "engineering," if it can be called that, of a now critical security framework. Why isn't every release first run through valgrind tools and some commercial C bug-finding tools used by embedded / safety-critical systems and why aren't there proofs of it's correctness? They have and/or could get the money/resources.
