Curl is C | Hacker News

Curl is C (haxx.se)
443 points by mhasbini 13 hours ago | 287 comments

simias 11 hours ago

I have no problem with Curl being written in C (I'll take battle-tested C over experimental Rust) but this point seemed odd to me:

> C is not the primary reason for our past vulnerabilities

> There. The simple fact is that most of our past vulnerabilities happened because of logical mistakes in the code. Logical mistakes that aren’t really language bound and they would not be fixed simply by changing language.

So I looked at https://curl.haxx.se/docs/security.html

#61 -> uninitialized random : libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer point...

Linked on 2017-03-28 00:17:39