This is not a very useful analogy. It suggests that we should regulate C out of existence. But regulation was appropriate and effective for a particular reason with asbestos.
We stopped using asbestos because of the link between its manufacture/installation and lung cancer. It’s a clear case where government regulation helps deal with a market failure: asbestos is cheap and effective, so consumers like it, but nobody involved in asbestos transactions bears the cost of the lung cancers the industry causes.
Writing C doesn’t make underpaid programmer die early deaths. The issues with C are borne directly by the customers who are using C software. It’s not really a market failure of any kind.
If you did then I dont understand the point you're making with the given example.
with the language you've got
* the creators of C
* the developers writing software (tool/library/whatever) with C
* the users which use this software
If the software has a security issue, the cost will have to be born by the users, not the developers.
That makes it (imo) directly opposed to your argument, as its technically the same as with the carcinogenic substance
* the creators of the substance dont get cancer
* the contractors using it to build the house dont get cancer
* the people that live in the house get cancer
(but the people that use software written in C dont ... die, which is why I agree that its wrong to equate them)
I see where your confusion stems from. In the case of asbestos, it is the contractors using it to build the house who tend to experience adverse health effects, and not always the people who live there. Asbestos is harmless when it's inert in the wall, paint, etc. The danger is when you start doing construction / renovations and the dust is free floating.
So OP's point is correct. The two situations are not exactly analogous.
Well the creators of the substance (manufacturers who used asbestos in their products) and the contractors that installed the products did in fact also get cancer.
You're both a little bit wrong, and both want to be right, so seem to be ignoring the negative aspects of both your arguments.
C does not have a direct proven link to causing death or catastrophic disease like asbestos does, but any bugs due to language "allowing" the dev to shoot themselves in the foot is largely born by the users - at least initially.
As others said - asbestos is really bad for asbestos miners, and pretty bad for installers. But it’s pretty much totally inert when installed - it doesn’t affect homeowners.
Asbestos is killing mostly the contractors instead of the users, which is breaks the analogy here. (That being said, any argument using the “market failure” concept is dubious from the beginning)
I don’t think the federal government should step in and regulate it, but why not some kind of professional or trade organization, like UL?
And really, I think your argument bolsters my case. Federal and state governments are freaking out about cybersecurity and protecting infrastructure and voting systems, so why shouldn’t they ban the use of software written in C in their acquisition process?
Such regulations already exists, see for instance https://en.wikipedia.org/wiki/MISRA_C. Similar rules could be created for Rust (I would assume that this would have to be some sort of 'sane subset' of Rust, which for instance would forbid dynamic memory allocation alltogether).
We stopped using asbestos because of the link between its manufacture/installation and lung cancer. It’s a clear case where government regulation helps deal with a market failure: asbestos is cheap and effective, so consumers like it, but nobody involved in asbestos transactions bears the cost of the lung cancers the industry causes.
Writing C doesn’t make underpaid programmer die early deaths. The issues with C are borne directly by the customers who are using C software. It’s not really a market failure of any kind.