I'm surprised to hear someone is developing current ncurses applications today in a commercial context.
At a former "disaster recovery" startup I had written a little ncurses tool for handling data transfers from pools of external USB drives customers would ship us to seed their off-site backups. This was something like 8 years ago now, and it was already a situation where literally nobody else in the company, new or existing hires, wanted anything to do with maintaining what was really a small ~1000-line C+ncurses application. I was on the systems/platform/backend/OS team and it was just a weekend hack to get us going with something ops could interface with via putty.
I can't imagine how much more difficult it is to find anyone with ncurses familiarity today, and few people seem interested in wasting time learning such antiquated tech. In hindsight I feel like I never should have written that tool in the first place, instead letting one of the front-end devs just make a REST API and web doodad for the whole thing. At least then it would have been familiar territory for practically every engineer they hired.
Funny thing about writing security products: one tends to work with a lot of things most people don’t want to touch (SELinux and SecComp come to mind; yeah, they are part of my job).
As I noted in another comment, using a TUI starts us off with a smaller attack surface and fewer dependencies, which makes it easier to scrub things down even further with relative ease (relative). It may make tooling and programming tougher, but it simplifies the overall job of achieving a target level of security.
At a former "disaster recovery" startup I had written a little ncurses tool for handling data transfers from pools of external USB drives customers would ship us to seed their off-site backups. This was something like 8 years ago now, and it was already a situation where literally nobody else in the company, new or existing hires, wanted anything to do with maintaining what was really a small ~1000-line C+ncurses application. I was on the systems/platform/backend/OS team and it was just a weekend hack to get us going with something ops could interface with via putty.
I can't imagine how much more difficult it is to find anyone with ncurses familiarity today, and few people seem interested in wasting time learning such antiquated tech. In hindsight I feel like I never should have written that tool in the first place, instead letting one of the front-end devs just make a REST API and web doodad for the whole thing. At least then it would have been familiar territory for practically every engineer they hired.