The way it works is, if you don't have the answer, you collect what you can know and move with that. Also, C/C++ means you need a linter, a code review process, VAs, and potential exposure to FOSS libraries.
This method is mainly for building things, but if they are legacy, the information should be available as well.
The top-level answer of "nobody understands this" is pretty much the most important thing you need to know from a security perspective.
It is funny, but it's funny because it's true and important.