The very few cases where it actually mattered for project delivery acceptance, were proven with a profiler, and fixed on those single cases only.
Most of the time it is just cargo cult taken from C into other languages.
Multics had a better DoD security profile assessment than UNIX, thanks to PL/I being bounds checked by default.
Mac OS used Object Pascal until they decided to switch to C++ around 1992, it also hardly impacted their sales, using a language with bounds checking.
The very few cases where it actually mattered for project delivery acceptance, were proven with a profiler, and fixed on those single cases only.
Most of the time it is just cargo cult taken from C into other languages.
Multics had a better DoD security profile assessment than UNIX, thanks to PL/I being bounds checked by default.
Mac OS used Object Pascal until they decided to switch to C++ around 1992, it also hardly impacted their sales, using a language with bounds checking.