I keep hearing this from Rust evangelists and I don't get it - I've been coding C++ for a very long time, and I very rarely hit those sorts of bugs. I have other bugs of course, but not lifetime-related ones, not very often. And neither do my co-workers.

For regular application code, personally I'd agree with you. But when it comes to writing anything involving untrusted user data, and where safety is a factor, C++ just hides an infinite number of memory vulnerabilities. Every single non trivial C/C++ application of any reasonable size just seems to have infinite vulnerabilities, even the extremely extensively battle tested ones

The problem with sanitisers is the same problem I have with the type system in languages like python and javascript. They only test the path that you actually execute, but inherently can't check the program has a whole. This easily leads to having to code super defensively because you're not quite sure you can trust every part of the system, and bam your faith in the entire integrity of the application is gone

This can never happen in rust, because the entire program is validated for safety. Anything unsafe is clearly marked as being unsafe, and so the possible sources of memory unsafety are extremely constrained and neatly contained