
Me but with Flask and its cohorts like Werkzeug. I always found the amount of security advisories with Django vs that to be something alarming. I might still use it once in a while for something like prototyping.

Python is easy to write but writing it "right", in a way that doesn't compromise performance, is a thing.




> Me but with Flask and its cohorts like Werkzeug. I always found the amount of security advisories with Django vs that to be something alarming.

At work, another team introduced automated CVE scanning to fulfill a contractual obligation to do so. When they asked me to implement this on my team's Django project, I said "well alright, as long as it doesn't constantly break the build because of some obscure false positive CVE".

Within a week, the CI job was broken because of 5 "CVE"s. 4 were false positives for our project and 1 was a configuration error by the other team.

Just to let you know to take "number of CVEs" with a large grain of salt.
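A triage step of the kind the CI problem above calls for, as an added example that is not from this thread: a scanner report in a constructed JSON shape (not any real tool's schema) with placeholder CVE ids is filtered through an allowlist where every suppression must carry a written reason and an expiry date, so a false-positive decision gets re-reviewed instead of living forever.

```python
import json
from datetime import date

# Constructed sample report (generic shape, placeholder CVE ids), as a CI
# job might receive it from a dependency scanner.
SCAN_REPORT = json.dumps({
    "dependencies": [
        {"name": "django", "version": "4.2.0",
         "vulns": [{"id": "CVE-0000-0001", "fix_versions": ["4.2.1"]}]},
        {"name": "somelib", "version": "1.0.0",
         "vulns": [{"id": "CVE-0000-0002", "fix_versions": []}]},
        {"name": "otherlib", "version": "2.3.0", "vulns": []},
    ]
})

# Triage allowlist (constructed): a suppression without a reason or past its
# expiry is treated as if it did not exist, so the finding blocks again.
ALLOWLIST = {
    "CVE-0000-0001": {
        "reason": "Affected feature is not enabled in this project",
        "expires": "2030-01-01",
    },
}


def triage(report_json, allowlist, today):
    """Return (blocking, suppressed, expired) lists of finding ids.

    blocking   - findings that should fail the build
    suppressed - findings covered by a valid allowlist entry
    expired    - allowlist entries that lapsed (also listed in blocking)
    """
    report = json.loads(report_json)
    blocking, suppressed, expired = [], [], []
    for dep in report["dependencies"]:
        for vuln in dep["vulns"]:
            vid = vuln["id"]
            entry = allowlist.get(vid)
            if entry is None:
                blocking.append(vid)
            elif (date.fromisoformat(entry["expires"]) < today
                  or not entry.get("reason", "").strip()):
                expired.append(vid)
                blocking.append(vid)
            else:
                suppressed.append(vid)
    return blocking, suppressed, expired


if __name__ == "__main__":
    print(triage(SCAN_REPORT, ALLOWLIST, date.today()))
```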


You get CVEs inside Django because it’s a large and widely used target, and because in Flask, FastAPI, etc. you end up implementing a lot more stuff yourself instead of using built-in things. That doesn’t necessarily mean your code is more secure!


It ups your chances. I try and choose small, well-written libraries to work with in everything I do. Too many batteries included and they start to leak eventually.



