JavaScript/Node.js/modules are essentials now since Node is pretty popular. For example, many Bitcoin modules like Copay are written in JavaScript and not available in other programming languages.
Ruby or Python is more important than strong JavaScript, and everyone who knows Ruby or Python has at least weak JavaScript. If you specialize in JavaScript security, you need it, but you can say the same thing about Intercal.
I don't think you can fairly compare JavaScript with Intercal in this context. JS is very popular now and you can see a lot of job posts that give you a hint about the market size for security reviewing Node applications.
Additionally, Node modules are a fertile ground for bug searching.
Sure. But the premise of the question is, what language (singular) should someone pick up to do "security for companies" (I read from that: appsec). I cheated by giving 2; formally, the right answer to this question was simply "Python OR Ruby".
JavaScript is the most deployed interpreter in the world, and therefore almost certainly handling the greatest amount of independent data in the world. So whether or not you think it's a bad joke, it's important.
I think I sent the wrong message with the Intercal comparison.
My point was that the logic that brings you to "you need Javascript if you specialize in Javascript security" works for any language, including Intercal.
It was not that Javascript is a language as dumb as Intercal.
If I had to make a list of 3 languages to know for security people, Javascript would probably be my #3 (Java might be #3, and Javascript #4; I'd have to think about it.)
BTW: Unlike a lot of people on this thread, assembly wouldn't be in my top 5. It is much, much more important that appsec people be able to fluently write C than it is that they be good assembly programmers. Even full-time reversers don't spend that much time reading assembly in bulk.
