[gemanor]

I'm really waiting to see all those shift-left startup founders that will craft a new world of developer-oriented products from this list. IMHO, the real way to look at it is how we can influence developers (by choosing the suitable languages, platforms, architectures, etc.) and then measure them after they find the vulns.

From the optimistic side, it looks like the safest language to write an app today with is TypeScript.

[rtev]

Typescript applications suffer from many of these vulnerabilities. JS apps have a specific class of critical vulnerabilities as well, prototype pollution. If I had to write a web application with security in mind, I personally would pick Python. It’s possible to make mistakes in any language though, and the environment an app is deployed in can independently introduce many vulnerabilities.

[gemanor]

When I wrote typescript, it was half a joke as a result of the language ranking in one of the comments. As you said, the most important factor is the platform, not the language itself. Writing the software in a language that run well on the platform you aim for, is the right decision.