VAX VMS was poorly copied in Win NT, contaminated by C and Unix
Dave Cutler and a very small team from Digital Equipment Corporation (DEC) were a very visible part of the Win NT development, receiving much of the credit for its development, some deservedly. Unfortunately, the positive impact they had in some areas was more than offset by the negative impact in some others and by the pernicious influence of the C language, Unix, and the undisciplined design and development espoused by many academics at that time and which now dominates our industry.
While Windows NT has many similarities with the VMS and later OpenVMS operating systems, it and the other MS systems were then and remain today fatally flawed, in many cases sharing these flaws with the various Unix variants and with many other C-based environments. These very same types of flaws are directly responsible for this latest breach. At their core are simple concepts, like fully validating the arguments to system calls and using string descriptors and counted strings rather than NULL-terminated ones or using typed pointers rather than unrestrained ones a la "C". If only we had not ...
It is a great tragedy for our industry and for the entire world that Unix and C gained prominence within the academic and research establishments, supplanting all those alternatives of which any one would have better reflected the "best practices" we had painfully discerned. If only we had taken all that we had learned with systems like Multics and later applied in newer systems like VMS/OpenVMS, we might have avoided many of today's perils.
Cutler and his guys knew better; they had just done the PL/I compiler for the VAX using technology derived from the Multics PL/I compiler. Gates should have known better since he had learned on the TOPS-10 system on the DEC PDP-10. Many of the newly-minted CS professors probably did not know better, most never having worked on a real system of any type, much less one used in "production". Their students were truly clueless about security, data representation, robust and reliable systems, or much else. The overwhelming majority still are.
Dave, Don, et al. do not get a free ride. They made their share of stupid decisions with NT that are still hanging around today. Dave was always known as a quick and dirty programmer -- really good at delivering something as a first version to customers, but moving on while others then spent years honing his "proof of concept" implementation into a sustainable, supportable product roughly two versions and three years later. (Ask anyone who worked with his early RSX-11 operating systems or with early versions of RSX-11M.)
NT is only one example of how many places we collectively failed our industry, making "engineering tradeoffs" where no tradeoff should have been allowed. While many of us knew better, we were swamped by recurring themes in the industry: newer is perceived as better; weaknesses are marketed as strengths; low initial price always wins whether functional or not.
BTW, I never worked for DEC or MS, but have been a customer, partner, and sometimes supplier to them and to other clients in many industries including SCADA. I have personally known and worked with the people I mention.
VMS/OpenVMS on whatever hardware is still the system I would most trust when my life depended on it. It is insane that MS Windows is being used in applications like SCADA rather than a reliable, robust, and far more secure system like OpenVMS.