Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

    > I'm kind of shocked that one of the qualifiers for choosing a tech-stack wasn't security, on a product that's specifically in the cyber-sec domain?
This is a bad take. GitHub's State of the Octoverse 2020 security report is a good read[0]. The nuget ecosystem has among the lowest package advisories, the percentage of active repos receiving Dependabot alerts, and .NET packages overall have very low numbers of direct dependencies (reducing the surface area for vulnerabilities in the supply chain).

A big benefit of the large first party ecosystem and broad base class library is that there are large teams of paid, professional engineers whose job is to actually track CVEs and patch vulnerabilities in .NET and C# as well as Microsoft's first party libraries.

If anything, I'd say .NET/C# are probably one of the better choices if you plan to build in a regulated or secure context because of the large first-party libraries and active monitoring and patching of CVEs by Microsoft engineers.

[0] https://octoverse.github.com/2020/ (download the full PDFs)



[flagged]


> How is being focused on security for a security product a bad take?

They're saying C# is more secure than other languages.

> Why are you following me around between threads?

You've accused a few users of this. It's a small site. I Think we're just noticing when there's an oddly hostile take on C# that's light on details, it's you.

I don't use C#, so I'm curious about your perspective. I'm still waiting for substantive answers to your thoughts on things (like https://news.ycombinator.com/item?id=42873130) and not just mud slinging. You may have valid complaints, but it's coming off like you're spreading FUD. This comment isn't much better because they the original poster made their thoughts clear and you said "You think security is bad?!"


Be gone troll.

The article mentioned nothing about stack security. I commented on it. I gave a pretty CLEAR and EXACT example on the type of exploits that the .NET runtime allows.

I didn't mention C# one time in my post except for what was quoted in the article. It was about the .NET runtime. That's hardly "hostile" to C# when it's a technical fact and has been demonstrated and used out in the wild.

And then the same people that spend all of their time in a religious war about C# posted something irrelevant to what was stated, and strangely didn't post ANYTHING on the article before I did. Only after I commented they show up, responding directly to me.

And here you are again, being a weirdo on the internet. Seriously go do something else. C# doesn't love you, it's a tool. Not a religion.

EDIT: The reddit history really tells it all. Constant downvotes, following people across subreddits, and constant yapping about Go vs C# going back years. https://old.reddit.com/user/_neonsunset/comments/ -- The intense religiosity and dishonesty with which you/you all discuss this topic is legitimately insane. Close the browser. Go do something else.


> The article mentioned nothing about stack security

I'm talking about the commenter.

> The reddit history really tells it all. Constant downvotes, following people across subreddits

I'm literally not that person you linked.

> I didn't mention C# one time in my post except for what was quoted in the article

Meet me halfway here, it's the language often used with .NET

> The intense religiosity and dishonesty with which you/you all discuss this topic is legitimately insane

I don't use C#, which I said before. You've been, from an outsider's perspective, corrected a few times. But I am no expert. I was trying to hear your thoughts about some topics in depth and you made it about as weird as a person could, so kudos to you. This is what I mean by weirdly hostile.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: