
chc4 today at 6:06 PM

2026 and we still have bugs from copying unbounded user input into fixed size stack buffers in security critical code. Oh well, maybe we'll fix it in the next 30 years instead.


Replies

pjmlp today at 9:08 PM

I recall Hoare,

"A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interests of efficiency on production runs. Unanimously, they urged us not to -- they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980 language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law."

-- C.A.R. Hoare's "The 1980 ACM Turing Award Lecture"

Guess what 1980's language he is referring to.

Then in 1988,

https://en.wikipedia.org/wiki/Morris_worm

It has been 46 years since the speech, and 38 since the Morris worm.

How many related improvements have been tackled by WG14?

nly today at 6:38 PM

The bug isn't actually the copy but the bounds check.

If you had a dynamically sized heap allocated buffer as the destination you'd still have a denial of service attack, no matter what language was used.

rvz today at 6:18 PM

2026 and why not vibe code our own cryptography library just like we are vibing lots of sandbox solutions? /s
