Thomas observed the majority of vulnerabilities fixed and with a CVE assigned are caused by memory corruption bugs, which is something that can be prevented via programming languages that are safer to use.
The Register notes that while Microsoft had bad experiences with rewriting the Windows shell in C# and Windows Presentation Foundation (Project Longhorn for Windows Vista), the solution may be Mozilla's Rust:
"If only the developers could have all the memory security guarantees of languages like .NET C# combined with all the efficiencies of C++. Maybe we can," wrote Thomas.The post also suggests Microsoft Security Response Center will do more efforts to lecture internal developer teams to move away from unsafe legacy languages and try out modern alternatives.
The language he has in mind is Mozilla's Rust, designed for system programming with an emphasis on speed, memory and thread safety, and other security features.