Yes, after reading a draft[1] of this document, I suggested to them that they seemed to be insufficiently emphasizing remote execution vulnerabilities (due to invalid memory access). I also pointed out that they neglected to mention Rust and the Clang/LLVM sanitizers. (And SaferCPlusPlus[2] too.) They acknowledged my comments, but it doesn't seem to have had much effect on the document.
[1] https://news.ycombinator.com/item?id=12643463
[2] shamelss plug: https://github.com/duneroadrunner/SaferCPlusPlus