"Microsoft’s .NET..higher CWE densities..produce some of the poorest software quality overall. "
As for the "It's for compatibility with legacy code in COBOL" BS
Bo**cks. That code dates from a time when machine time was ruinously expensive (and a machine in the 100s of KIPS was close to being viewed as a supercomputer).
Consequently a lot of time was spent "desk checking" before committing even to a compile, let alone a run test. That's why a lot of Y2K COBOL code worked just fine following audit.
Here's the thing with legacy systems. They were developed when machine time was expensive, staff time cheap.
Now it's the other way round (and the developers of Unix could see this trend from 45 years ago).
When you work out how much developer staff time was spent on those old systems (100s of man years, not months) and factor in today's hourly rates you think "WTF. I can't afford that." Hence the "If it ain't broke don't fix it" mentality in banking/government/telecoms.
Which is why a small number of niche firms make a good living building tools (and using them) to chomp through MB of legacy code and refactor and/or detect coding weaknesses.