@jeffvanderstoep Yes, concentrating on making the new code safer makes ton of sense. The only part that I find dubious is that bug in old code decay exponentially over time. I remember when new issues like integer overflow became mainstream, leading to tons of new bugs discovered in very old code. We are always at risk of the next attack method preying on unaware old code.