A more conservative rule would be not to use C where security is a concern, unless you know what you're doing.
When you're writing the kind of software that's an invitation to hackers, like a web application, you should favor a language like PHP or Ruby, which takes things like buffer overflows out of the equation, and even then, you should know what you're doing.
> A more conservative rule would be not to use C where security is a concern, unless you know what you're doing.
Which if you follow my posts, you will see that I defend C and C++ should be replaced by safer systems programming languages, that exist since Modula-2 days.
Having said this, C and C++ are still used everywhere and will outlive most of us.
So when using them, for whatever reasons, at least one should take care to use the best practices regarding how to write secure and safe code in those languages.
When you're writing the kind of software that's an invitation to hackers, like a web application, you should favor a language like PHP or Ruby, which takes things like buffer overflows out of the equation, and even then, you should know what you're doing.