I considered whether you can fault them for that, but I do think I'll fault them for using Python in a security-relevant context.
You get so little assistance from the language tooling, and a lot of Python libraries have low code quality. Especially the whole asyncio system is so tricky to use that it's extremely hard to produce correct code.
Which language would you have used?
The JVM languages (Scala, Java, Kotlin) usually have decent-quality libraries and tooling. The Rust community loves to pump out high-quality stuff. And well, a bit more unusual, but I would have high confidence in Haskell or OCaml libraries, too.
It’s mainly JavaScript and Python where the whole ecosystem is built from the ground up with a “good enough for my script”-attitude. Oh, and C is out for manually managing memory.