Fortunately, data demonstrates that making a better choice does not require daunting multiyear rewrites of existing codebases. Security can be dramatically improved by incrementally shifting the development of just new code to memory-safe languages. If these vulnerabilities can be avoided with low impact on other development goals, then choosing to introduce new ones should increasingly be considered unacceptable, and our goal should be for vulnerabilities to become increasingly impossible to introduce.