Hacker News new | past | comments | ask | show | jobs | submit login

> more likely to use libraries rather than reinventing the wheel

I love programming in go, but I disagree with this point. The golang library ecosystem is absolutely less mature compared to C++.

Rust and Go are a pleasure to write in, but they don’t magically fix every problem and frequently CREATE problems because they’re still under development. In this case, the missing auth header vuln has nothing to do with the underlying language.

Yeah, it's definitely not a simple good/bad decision. My thought is that it's more likely that a Go library would be more likely to have implemented something like a mandatory auth check but the counterpoint is that if such a library were vulnerable it would affect potentially a very large number of services.

The problem with C++, is that while std::{array, string, vector} exist, and there are compiler options that make operator[]() behave just like at(), there are still lots of people that will happily use char * instead.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact