I do software security professionally these days.
While it is easier (e.g., almost possible) to do memory corruption/buffer overrun/stack smashing in any language, it is certainly far easier to do so in C and C++. Many languages these days link to C libraries, thus increasing the possibility.
However, much of my work these days is done against .net applications, which is a managed, garbage collected language. The number and frequency of errors in the code is not smaller than with C. It is still possible to get remote code execution through the IIS/.net web stack.
Application security is very difficult, and not very many of us write error-free code.
To me the issue with OpenSSL (and there are still some that remain, although the ones that I know about are not as severe) is that the code is very unclear and hard to reason about. In fact, the best static code analyzers had to be tweaked to see the issue.
Having many years experience in both C and C++, I find that working in Lisp is much easier to make assertions about its fine-grained behavior, pretty much agreeing with your experience.
I would like to rephrase the question: which language makes it easier to reason about a large code base? My vote is for the Lisp family. However, keep in mind one of the best-written programs out there, Qmail, is written in C. There is a lot to be said for who the author/authors are as well as the language.
wglb