The report on
Product Security Bad Practices warns software manufacturers about developing "new product lines for use in service of critical infrastructure or [national critical functions] NCFs in a memory-unsafe language (eg, C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety."
In short, don't use C or C++. Yeah, that's going to happen.
... CISA continued that memory safety vulnerabilities [e.g. in C and C+) account for 70 percent of security vulnerabilities. To address this concern, CISA recommends that developers transition to memory-safe programming languages such as Rust, Java, C#, Go, Python, and Swift. These languages incorporate built-in protections against common memory-related errors, making them more secure from the code up.