| > Please stop perpetuating the myth that security is produced by a programming language. Security happens by taking care of what you're doing; if a language can eliminate a whole class of bugs then you might as well use it. That's why people keep arguing that some languages can eliminate some kind of bugs, but that absolutely doesn't make programs implemented in these languages bug-free. Said differently: more secure (relatively) doesn't mean secure (in absolute). > We only have to look at all the patches for java to see that it hasn't been secure. We only have to look at all the patches for java to see how much it is analyzed; it doesn't mean java is relatively more or less secure than any other language. I've seen no patches for this nim interpreter for brainfuck [0], does that mean it's more secure than java ? Absolutely not. You can draw some parallel with crypto schemes: anybody can come up with some cipher, nobody will analyze it unless there is something to gain (that includes fun). When you've reached the state where you're under scrutiny of every crypto analyst and their student, and potential vulnerabilities are found, does that make it a weak scheme ? We don't know. Only a real analysis of the vulnerabilities can tell us. [0] https://github.com/def-/nim-brainfuck |