@chandlerc I completely agree with your conclusion. At the same time there is a lot of (proprietary) legacy code that will be used for years without anyone actively looking to improve its security. Are there efforts ongoing to make these and previous hardening options the defaults for C++ and C in the compilers?