Yes, many tools have been built to address the problems with C, and one is remiss if they ignore the greater development ecosystem.

But, that they're not integrated into the language itself means those tools can only ever make suggestions in a separate context, and so cannot function cohesively to permanently rule out classes of bugs in a way that can simply be taken for granted.

In fact, the Debian OpenSSL bug was actually caused [1] by a message from one of these tools being uncritically acted upon.

[1] the job of failure analysis is to find all contributing factors, not just pin everything on one.

Static code analysis tools exist in many languages even very high level, safe ones. A lot of them are even named after lint or as a tip of the hat to it.

Their presence isn't a sign of flaws of the language. They are signs of flaws in programmers. They give the designers the ability to extend the power of the compiler's warnings to help catch common mistakes and tune the automated feedback to fit the needs of the project.

Sure, but static analysis can only add so much, as the programmer is still working in the base language and can't convey higher level concepts to the static analysis tool, so it's forced to backfit them by guessing intent. And to the extent you can make annotations for this, you're effectively working in a new formal language without the benefit of a compiler.