Is it me or should code that has to be secure be written in more manage languages to prevent these mistake ? (But managed languages probably have other security issues I don't know about ?)
If OpenSSL was written in a managed language, someone would need it in an environment a managed language wasn't suitable for, and end up porting it to C.
Managed languages is one way to go, but they are not really appropriate for performance critical libraries like OpenSSL in my book. You can get safety without being managed in modern languages if the compiler does the safety proving for you (e.g. rustlang).
For all clarity I meant like C++, ObjC, or others; any language that allows you to create things that enforce consistency during compile or runtime. (Like shared pointer and array containers.) Probably used the wrong terminology here.
