
It is safe for the 70% of security flaws found in languages like C and C++.

The remaining 30% still need to be tracked down.




I would say at least half of the remaining 30% are eliminated by Rust's stronger type system and borrow checker too. When I'm writing Rust it feels like I write around 10x fewer bugs than in C++.


Even formal methods and verification have bugs.


I wonder where you got those numbers from.


From Microsoft[0]: "As we’ve seen, roughly 70% of the security issues that the MSRC assigns a CVE to are memory safety issues."

And from Google[1]: "memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android’s high severity security vulnerabilities."

[0] https://msrc-blog.microsoft.com/2019/07/22/why-rust-for-safe...

[1] https://security.googleblog.com/2021/04/rust-in-android-plat...


Almost every study of security vulnerabilities concludes that roughly 70% of them are caused by memory unsafety.



A report about Windows written by Microsoft, I think.



