by tdhz77 268 days ago
It’s hard to believe that 10k is worth whatever they need from Perl in 2025.

I wrote Perl for many years while I worked on the godforsaken cmecf system.

Cmecf this year announced it had been hacked by Russian hackers.

This means that cmecf written in Perl allowed a country access to Federal Court evidence including intelligence gathering methods, corporate secrets, and inside sources.

Perl is not memory safe, loaded with security issues for over a decade. Its only saving grace is string manipulation, which is exactly why the best hackers in the world all know it.

3 comments

> Perl is not memory safe

Perl is memory safe.

> loaded with security issues for over a decade.

According to CVE reports, it doesn't appear that Perl [0] is less secure than Python [1]:

[0]: https://www.cvedetails.com/vendor/1885/Perl.html

[1]: https://www.cvedetails.com/vendor/10210/Python.html

https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI...

I’m amazed that you are defending that Perl is memory safe.

It’s not.

You must have confused Perl with another programming language. Perl has always been a memory-managed language with a reference-counted garbage collector.

The link you posted doesn't even mention Perl at all. It does say that:

> Using a memory safe language can help prevent programmers from introducing certain types of memory-related issues. Memory is managed automatically as part of the computer language; it does not rely on the programmer adding code to implement memory protections.

Perl clearly fits the definition of a memory-safe language with automatic memory management. The funny thing is that this document lists Delphi/Object Pascal as memory-safe languages, even though they are clearly not.
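The reference-counted memory management the comment above describes, shown as an added example (this is not code from the thread). It demonstrates that a Perl object is freed the moment its last reference disappears, and the one well-known gap of reference counting: a cycle keeps both objects alive until `weaken` from the core `Scalar::Util` module breaks it. The `Node` package and its `DESTROY` hook are constructed for this demo.

```perl
#!/usr/bin/perl
# Added example (not from the thread): Perl's reference-counted memory
# management and its known gap, reference cycles.
use strict;
use warnings;
use Scalar::Util qw(weaken);

package Node {
    my $live = 0;   # count of objects not yet freed (for the demo)

    sub new {
        my ($class, $name) = @_;
        $live++;
        return bless { name => $name }, $class;
    }

    sub live { return $live }

    # The interpreter calls DESTROY when the object's reference count
    # drops to zero; no explicit free() exists for the programmer to forget.
    sub DESTROY {
        my $self = shift;
        $live--;
        print "freed $self->{name}\n";
    }
}

# 1. Plain case: freed as soon as the only reference goes out of scope.
{
    my $n1 = Node->new('n1');
}                                    # prints "freed n1" right here
print "live after block 1: ", Node::live(), "\n";   # 0

# 2. Cycle: each object holds a strong reference to the other, so neither
#    count reaches zero when the lexicals go away. This is a leak, and in a
#    long-running daemon it is the kind of bug that grows memory over time.
{
    my $n2 = Node->new('n2');
    my $n3 = Node->new('n3');
    $n2->{peer} = $n3;
    $n3->{peer} = $n2;
}                                    # nothing printed: still alive
print "live after block 2: ", Node::live(), "\n";   # 2 (leaked)

# 3. Same shape with one edge weakened: a weak reference does not count,
#    so the cycle collapses normally and both objects are freed.
{
    my $n4 = Node->new('n4');
    my $n5 = Node->new('n5');
    $n4->{peer} = $n5;
    $n5->{peer} = $n4;
    weaken($n5->{peer});
}                                    # prints "freed n4" and "freed n5"
print "live after block 3: ", Node::live(), "\n";   # 2 (only the leak from block 2)

# At interpreter exit Perl's global destruction still reaps n2 and n3, which
# is why such cycles only matter in processes that live for a long time.
```

The point for the memory-safety debate: at no stage does Perl code touch a raw address. A leaked cycle wastes memory, but it cannot turn into a use-after-free or an out-of-bounds write the way a manual-management bug in C can.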

It’s not mentioned because it isn’t one ;)

Perl is not memory safe? Are there pointers directly to memory like in C? No, it is an interpreted language that runs opcode in the Perl virtual machine.

Sure, there are quite some safety concerns with Perl, but they can be mitigated. For example there is the taint mode with "-T" that prevents direct execution of system commands.

Would I use Perl for a new project? No. :-)

I would be interested in more details about the cmecf hack!?
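The taint mode mentioned above, as an added example that is not part of the thread. What `-T` actually enforces is narrower than "prevents direct execution of system commands": `system`, `exec`, backticks and similar calls still work, but Perl dies with "Insecure dependency" whenever data that came from outside the program (arguments, environment, STDIN, files, sockets) reaches them without first being untainted through a regular-expression capture. The file name script and its allow-list pattern are assumptions made for this demo; run it as `perl -T taint_demo.pl some-file.txt`.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): what Perl's taint mode (-T) checks.
# Run with:  perl -T taint_demo.pl FILENAME
use strict;
use warnings;
use Scalar::Util qw(tainted);

# %ENV is tainted too, so before any subprocess call PATH must be set to a
# fixed value and the shell-influencing variables removed; otherwise the
# system() call below dies with "Insecure $ENV{PATH}".
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $name = $ARGV[0] // die "usage: $0 FILENAME\n";
print "argument is tainted: ", (tainted($name) ? "yes" : "no"), "\n";   # yes

# The sanctioned way to untaint: capture the part you are willing to accept.
# The pattern is this demo's assumption: a plain file name, no directory
# separators. Anything the allow-list does not match never reaches wc.
my ($safe) = $name =~ /^([\w.-]+)$/
    or die "refusing suspicious file name\n";
print "captured value is tainted: ", (tainted($safe) ? "yes" : "no"), "\n"; # no

# Using $name here instead of $safe would make Perl die with
# "Insecure dependency in system while running with -T switch".
# The list form of system() and the "--" keep wc from treating the argument
# as a shell string or an option.
my $rc = system('/usr/bin/wc', '-l', '--', $safe);
print "wc exit status: ", $rc >> 8, "\n";
```

Two caveats a reviewer would raise: taint mode is a property of the whole interpreter run (a `-T` in the shebang is ignored unless the command line carries it too, and Perl refuses to start in that case), and a capture such as `/(.*)/` untaints everything and defeats the mechanism, so the value of `-T` is only as good as the allow-list patterns used to launder input.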

Was the bug in Perl or its libraries, or in the code written in Perl? There are many valid criticisms of Perl, but I've never heard of the language itself described as insecure, and especially not memory-unsafe. I don't know how I'd write a use-after-free or stack smash in Perl if I were forced to.

Yep, there are bad bugs for example in mod_perl which is written in C and takes the interpreted Perl code and runs it in the Apache context. I think this is what the OP "heard about". But that is not the fault of Perl itself.