Hacker News
by dredmorbius 3722 days ago
OpenSSL was open sourced. That worked out real well.

It's not being open sourced that leads to secure, well-behaved software.

It's being well-behaved, secure software. Which, among other properties, means following the principles of least privilege and least capability. See the OpenBSD project for more on that philosophy.

2 comments

As someone else mentioned, open source is not a golden bullet. But, it being open source led to the discovery of the bug and the fix, right?
This isn't C we're talking about. You don't magically expose random memory with Java code.
Tool choice may improve security. See again OpenBSD, which has specifically rewritten parts of the C library to avoid classes of bugs.

That said, Java has a markedly less-than-perfect record.