C is a programming language. There is no problem with it as such. The problem is with programmers and how they use it. C allows a programmer to write very fast, powerful and sophisticated programs. It supports this by not putting obstacles in the
programmer’s way. However, the responsibility for ensuring good practice is followed is left with the programmer.
Technically, the main cause of security vulnerabilities in C programs is buffer overflow. A buffer overflow is a situation where the programmer allocates space in the program to store some information, say a name of 20 characters, and the operator enters, say, 25 characters. C itself does not prevent this: the extra (five) characters overflow the 20-character buffer and overwrite some other part of the program's memory. This would usually cause the program to crash. However, if the amount of data entered is large enough and of a particular form (dependent on the program), it can cause the program to execute actions that give the operator more privilege on the system than they should have.
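The 20-character name buffer from the text, as an added example that is not part of the original page: an unchecked copy that can spill into the neighbouring field, beside a bounded version that refuses input which would not fit. The struct, field and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 20   /* the 20-byte name buffer from the text */

/* Hypothetical record layout: a name followed by a privilege flag. */
struct record {
    char name[NAME_LEN];   /* holds at most 19 characters plus the terminating NUL */
    int  is_admin;         /* neighbouring field that an overflow would overwrite */
};

/* Vulnerable form: copies whatever the operator typed, with no length check.
 * A 25-character input writes past name[] into is_admin (undefined behaviour). */
void store_name_unsafe(struct record *r, const char *input)
{
    strcpy(r->name, input);
}

/* Hardened form: measure the input without reading past NAME_LEN, and refuse
 * anything that would not fit together with its NUL terminator.
 * Returns 1 on success, 0 if the input was rejected (record left untouched). */
int store_name_safe(struct record *r, const char *input)
{
    size_t len = 0;
    while (len < NAME_LEN && input[len] != '\0')
        len++;
    if (len == NAME_LEN)          /* 20 or more characters: no room for the NUL */
        return 0;
    memcpy(r->name, input, len + 1);
    return 1;
}

int main(void)
{
    struct record r = { "", 0 };
    const char *ok = "Ada Lovelace";                     /* constructed: 12 characters */
    const char *too_long = "ABCDEFGHIJKLMNOPQRSTUVWXY";  /* constructed: 25 characters */

    printf("short name accepted: %d\n", store_name_safe(&r, ok));
    printf("long name accepted:  %d\n", store_name_safe(&r, too_long));
    printf("is_admin unchanged:  %d\n", r.is_admin);
    return 0;
}
```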