I think that's placing the blame with the hammer instead of with the carpenter.

True. But the problem with C programming is that there's no easy way to tell the bad carpenters from the good ones. If C had been designed with bounds-checked strings from the beginning, it would have protected us from a lot of collapsed buildings. There's the old saying: If architects made buildings the way programmers write software, the first termite would have destroyed civilization.

I can't count the number of protections faults I've seen in Windows that can be traced down to bad string handling in a sloppy piece of C code. I'm even responsible for some of those instances. I understand why programmers sometimes get sloppy in that area, because I've been in that situation myself.