A C++ standard proposal that claims (with references) that zero-initializing data could mitigate ~10% of vulns seen against codebases. It's already an opt-in feature in modern compilers, but security benefits much more from secure defaults and explicit opt-outs.
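An added example (not from the proposal or the original page) of the bug class zero-initialization targets: a reply struct built over stale stack bytes sends an earlier secret along with it unless the local starts zeroed. The byte arena `frame`, the `Reply` layout, the function names and the sample password are constructed for illustration; the arena stands in for a reused stack frame so the result is deterministic.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

// Constructed model: a byte arena stands in for a reused stack frame, so the
// stale-data effect is deterministic (reading a truly uninitialized local is
// undefined behaviour and cannot be demonstrated reliably).
static unsigned char frame[64];

struct Reply {                 // hypothetical wire reply, 32 bytes, no padding
    std::uint32_t status;
    std::uint32_t len;
    char          name[24];
};

// An earlier call leaves a secret behind in the frame (constructed sample).
void handle_login(const char* password) {
    std::memset(frame, 0, sizeof frame);
    std::strncpy(reinterpret_cast<char*>(frame) + 8, password, 24);
}

// A later call builds a Reply over the same bytes and sends the whole struct.
// zero_default=false: today's default, the local starts with stale bytes.
// zero_default=true: the proposed default, which the opt-in compiler flag
// -ftrivial-auto-var-init=zero (Clang, GCC 12+) applies to automatic variables.
std::string build_reply(const char* name, bool zero_default) {
    Reply r;
    if (zero_default) std::memset(&r, 0, sizeof r);
    else              std::memcpy(&r, frame, sizeof r);
    r.status = 0;
    r.len = static_cast<std::uint32_t>(std::min(std::strlen(name), sizeof r.name));
    std::memcpy(r.name, name, r.len);   // tail of r.name is never written
    return std::string(reinterpret_cast<const char*>(&r), sizeof r);
}

// True if part of the secret shows up in the bytes that leave the process.
bool leaks(const std::string& wire, const std::string& needle) {
    return wire.find(needle) != std::string::npos;
}

int main() {
    handle_login("hunter2-correct-horse");
    std::cout << "default:   leak=" << leaks(build_reply("bob", false), "correct-horse") << "\n";
    std::cout << "zero-init: leak=" << leaks(build_reply("bob", true), "correct-horse") << "\n";
}
```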
Even if you're not working on a C++ codebase, imagine your favorite language or system and what apparently simple change (like zeroing memory when it's initialized) could make for a more secure default. This raises a recurring rhetorical question: why do we invest so much effort in hardening guides as opposed to making the default more secure? Why haven't we switched to "unhardening" guides or "de-security" guides?