We agree security is not just preventing array overflows, and Ada is not
a magic bullet. But the environment has changed. The estimated cost
of a bug in infrastructure software has increased because we now realize
it has a higher likelihood of being exploited by bad guys and the cost
of damage therefrom is higher than we thought. So "C's fine, why use
Ada?" should change to "How can you justify not using better tools (Ada
Another change is the drop in interest/discount rates. That means
long term savings are now raised in importance relative to short run
costs. "How can you justify ignoring the long term, life cycle, savings
of using Ada?"
As to whether Ada is indeed better for bug prevention and long term
maintenance, "prove it" gives way to "what evidence exists says Ada's
better - if you don't think so, prove that."