By that definition, pretty much all software has "poor security" regardless of language. I don't think your definition of "poor security" is proportionate or useful.
> By that definition, pretty much all software has "poor security" regardless of language.
My definition of "poor" is that it must have a babysitter to maintain and patch it. Whether or not this is the case depends on the attack surface, which of course depends on the complexity of what it does. A system that has no attack surface can be very buggy without having poor security. But an internet connected machine with modern windows/posix OS that does some useful work will likely need a security patch already within the first couple of years - and that I consider pretty poor.
