This is not to say that moving up levels is worthless. But it sounds to me as though everyone in this discussion is stuck in some kind of mindset like "if we can just eliminate $CLASS_OF_ERROR, we'll have a safe and secure programming language". We won't; we'll just have one where the unsafe and insecure errors are at a higher level.
Right, that's the game. We want all the errors to be design and logic errors, with no help from the programming language. (i.e. we don't want the programming language to be permitting us to make extra errors.)
The goals should be that 100% of the security problems are design errors. :) Then we can go teach people to design properly...
BB
