Claim seems pretty solid: "If you have a very large (millions of lines of code) codebase, written in a memory-unsafe programming language (such as C or C++), you can expect at least 65% of your security vulnerabilities to be caused by memory unsafety."
alexgaynor.net/2020/may/27/sc