
Maybe it actually should be the other way around? Isn't it possible to build frameworks (using relatively popular/easy languages) for the most popular application classes (CRUD web apps, IoT MCU) that in many cases will isolate the developer from needing to think about security?

And if it's possible, and we already have a few such tools (like, say, Scala Lift, ARM mbed) but they somehow haven't yet become popular, why is that?




Many of them already are, but they aren't "sexy". I personally do a lot of .NET, and MVC 5 has relatively good defaults if you just install and go. ASP.NET Core is even better in some regards (CSRF tokens are completely transparent now). I think a lot of the problem is that people want to use a lot of new tech which hasn't had time to develop security as a convenience feature, or they just flat out don't want to use a framework.


If you're writing queries, either through an ORM or by hand, you need to be thinking about what data will be returned to the user. If you're not thinking about it, you'll create a data leak in the best case.
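
The point in the comment above about what a query returns to the user, as an added example that is not part of the thread: a handler that hands back whatever the query selects, next to one that names its columns and puts the caller's identity in the `WHERE` clause. The table, column and function names are assumptions for illustration, and the rows are constructed sample data.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and values are hypothetical.
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner_id INTEGER, "
               "item TEXT, card_last4 TEXT, internal_fraud_score REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?, ?)", [
        (1, 10, "keyboard", "4242", 0.02),
        (2, 11, "monitor", "1881", 0.91),
    ])
    return db

def get_order_leaky(db, order_id):
    # Parameterised, so no injection, yet it still leaks: every column of
    # any user's order is returned, including fields meant to stay internal.
    row = db.execute("SELECT * FROM orders WHERE id = ?", (order_id,)).fetchone()
    return dict(row) if row else None

# Explicit allowlist of the columns a customer is allowed to see.
PUBLIC_FIELDS = ("id", "item", "card_last4")

def get_order_scoped(db, order_id, current_user_id):
    # Column list comes from the constant above, never from user input.
    # Ownership is enforced by the query itself, not by later filtering.
    cols = ", ".join(PUBLIC_FIELDS)
    row = db.execute(
        f"SELECT {cols} FROM orders WHERE id = ? AND owner_id = ?",
        (order_id, current_user_id),
    ).fetchone()
    return dict(row) if row else None

if __name__ == "__main__":
    db = make_db()
    print(get_order_leaky(db, 2))       # user 10 reads user 11's full row
    print(get_order_scoped(db, 2, 10))  # not the owner: nothing returned
    print(get_order_scoped(db, 1, 10))  # owner: allowlisted columns only
```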



