Yep. Code is dumb, and can't be smarter than the people writing it. If they weren't paranoid, it's going to be weak code. The C programming language is over 40 years old, and it and its successors still have some of the memory protection faults of the original version. There are ways to protect against these faults, but things like memory overflow are still viable exploits.
So either the language needs an overhaul, or programmers need better education. Actually both. But then there's the problem of legacy code which needs more than just a recompilation: it needs to be reviewed. Then tested to make sure it still integrates properly with all the other code that it interacts with. This is known as refactoring legacy code, and it is beyond a monumental, Sisyphean task. It's like the Y2K problem at a much larger scale because of the tiny places that code runs and this ancient code hides. In many cases, the original code may no longer be available for analysis, which makes things even worse. So code runs until it fails, then they rewrite the whole thing from scratch.
Re: Yes ...