I'm currently reading "Software Security: Build Security In" by Gary McGraw, and he makes the distinction between security bugs and security flaws. Security bugs are implementation errors in code, and flaws are more on the architectural/design side of software. He writes that security defects tend to be around a 50/50 split between bugs and flaws.
However, this was written in 2006, and he mentions languages such as C and C++. There is a lot of talk of buffer overflows, for instance. My question is this: how pertinent is this to Scala? Obviously bugs in implementation still can cause security risks, but having a managed language on the JVM that does bounds checking seems like it would mitigate a large class of bugs that McGraw speaks of. Is it a reasonable statement that Software Security, in a language like Scala, has shifted more towards the architectural and logical side of things? Or, to be more specific, is static code analysis in Scala less important for security than it would be for languages like C and C++? If not, why not?
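As an added illustration (not part of the original post) of the kind of implementation bug that survives the move to a memory-safe language: the first lookup splices user input into the query text, which the JVM's bounds checking does nothing about but a taint-tracking static analyser would flag, while the second binds the input as a parameter. The `UserLookup` object, the `users` table and its columns are assumed for the example.

```scala
import java.sql.{Connection, PreparedStatement, ResultSet}

object UserLookup {
  // Implementation bug: user-controlled input becomes part of the query text.
  // Memory safety is irrelevant here; the defect is in how the string is built,
  // which is exactly what a source-to-sink static analysis looks for.
  def findByNameUnsafe(conn: Connection, name: String): ResultSet = {
    val stmt = conn.createStatement()
    stmt.executeQuery(s"SELECT id, name FROM users WHERE name = '$name'")
  }

  // Fixed form: the query text is a constant and the input travels as a bound
  // parameter, so it cannot change the structure of the statement.
  def findByNameSafe(conn: Connection, name: String): ResultSet = {
    val ps: PreparedStatement =
      conn.prepareStatement("SELECT id, name FROM users WHERE name = ?")
    ps.setString(1, name)
    ps.executeQuery()
  }
}
```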