Sadly even if you make it easy to do the right thing, without the right attitude to match it matters little. Some people still concatenate unsanitized input with raw SQL strings despite the abundance of libraries that make creating safe queries easier.
At this point I think heads need to roll before people take the problem seriously.
I wasn’t clear: we do agree that attitude is the crucial piece, I just disagreed on the order in which it should be done.
I think that implementing in compilers the mechanisms for doing the right thing can be done first, and relatively quickly. Which, now that I think more about it, would need the right attitude on the part of the compiler vendors and standards committee.