[jamal-kumar]

Me but with Flask and its cohorts like Werkzeug. I always found the amount of security advisories with Django vs that to be something alarming. I might still use it once in a while for something like prototyping.

Python is easy to write but writing it "right", in a way that doesn't compromise performance, is a thing.

[ThePadawan]

> Me but with Flask and its cohorts like Werkzeug. I always found the amount of security advisories with Django vs that to be something alarming.

At work, another team introduced automated CVE scanning to fulfill a contractual obligation to do so. When they asked me to implement this on my team's Django project, I said "well alright, as long as it doesn't constantly break the build because of some obscure false positive CVE".

Within a week, the CI job was broken because of 5 "CVE"s. 4 were false positives for our project and 1 was a configuration error by the other team.

Just to let you know to take "number of CVEs" with a large grain of salt.

[physicsguy]

You get CVE’s inside Django because it’s a large and widely used target, and because in Flask, FastAPI, etc. you end up implementing a lot more stuff yourself instead of using built in things. That doesn’t necessarily mean your code is more secure!

[jamal-kumar]

It ups your chances. I try and choose small, well-written libraries to work with in everything I do. Too many batteries included and they start to leak eventually.