I think certification overestimates security, absolutely. Certification proves nothing.
You can use theorem provers to prove correctness, but you can't prove that the business logic is correct. There's a degree to which you just cannot prevent security vulnerabilities.
But switching to memory-safe languages will reduce vulnerabilities by 90%. That's not nothing.
You can use theorem provers to prove correctness, but you can't prove that the business logic is correct. There's a degree to which you just cannot prevent security vulnerabilities.
But switching to memory-safe languages will reduce vulnerabilities by 90%. That's not nothing.