[Ridley]

Comparing C to Javascript makes no sense, and Javascript is NOT a safe language. Those issues you mentioned are due to programmer incompetence. Bad programmers will make bad code no matter what language they program in. Security should not rely on a language hand-holding bad programmers.

[sitkack]

The classes of problems that one encounters in Ada, Haskell, OCaml, Rust, D or Go are vastly different than in languages w/o memory safety.

Writing secure network code in an non-safe language is something that shouldn't be taken lightly. Given the nature of the commits it is hard to comprehend that this product will ever achieve its stated aims.

It is secure by side effect, not proof.

[Ridley]

No one is taking this project lightly and I don't know why you would suggest otherwise. You keep vaguely alluding to "the nature of the commits" but still have yet to give a single concrete example of what you have issue with. I take it that you don't actually know any C and are just repeating what you've read somewhere else.

I have extensive C experience, and I have looked through the code. While there have been plenty of bug fixes in the commit log - as is to be expected for a project of this scope in its pre-alpha/alpha stages - I have not seen anything that resembles a security threat, much less something as serious as the heartbleed bug that you keep bringing up for some reason.

At this point I have to conclude that you're either a troll with too much time on your hands, or being paid to spread FUD.