Hacker News | noiddicle's comments

The problem that we have is that a minority of people realize that not all random implementations are actually fit for purpose for cryptographic security.

See CWE-338 for an enumerated list of these things in the wild.

I found 300+ examples of CVEs with little effort.

Should developers who are writing code that involves cryptography know better? Sure - but they don't. They cut and paste from Stack Overflow with horrific results.


> Should developers who are writing code that involves cryptography know better?

But cryptography is just one small use case of RNGs. Grepping through my home for e.g. random_engine, less than 1% seems to be related to crypto use cases, the bulk are being taken by noise generation for various artistic use cases, games, compilers, schedulers, and tests. Stuff like shuffling a playlist, making particles move in random directions, randomness in paint brushes, etc.

If I want to generate a white noise texture for a video game, do you think I care more about cryptographically-secureness or the operation not taking 10 seconds for a 4k texture?
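
An added example, not part of the thread: a small Python AST check for the CWE-338 pattern discussed in the two comments above, which flags the non-cryptographic `random` module only where it feeds a value whose name suggests a secret and leaves uses like playlist shuffling alone. The hint list `SECRET_HINTS`, the `SAMPLE` input and the function name `find_weak_rng` are assumptions made for this illustration.

```python
import ast

# Assumption: substrings that mark a value as security-sensitive; tune per code base.
SECRET_HINTS = ("token", "secret", "passw", "key", "nonce", "salt", "otp", "session")

# Constructed sample input, not code from the thread.
SAMPLE = '''\
import random, secrets
def shuffle_playlist(tracks):
    random.shuffle(tracks)              # non-security use: not flagged
def make_reset_token(n=32):
    return "".join(random.choice("abcdef0123456789") for _ in range(n))
session_id = random.getrandbits(128)
api_key = secrets.token_urlsafe(32)     # OS CSPRNG: not flagged
'''

def _hinted(name):
    return any(h in name.lower() for h in SECRET_HINTS)

def find_weak_rng(source):
    """Return sorted (line, name) pairs where the non-cryptographic `random`
    module feeds a function or variable whose name suggests a secret."""
    tree = ast.parse(source)
    modules, funcs = set(), set()   # aliases of `random`; names imported from it
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "random"}
        elif isinstance(node, ast.ImportFrom) and node.module == "random":
            # SystemRandom wraps the OS CSPRNG, so it is not treated as weak.
            funcs |= {a.asname or a.name for a in node.names if a.name != "SystemRandom"}

    def weak_calls(scope):
        for n in ast.walk(scope):
            f = n.func if isinstance(n, ast.Call) else None
            if isinstance(f, ast.Name) and f.id in funcs:
                yield n.lineno
            elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                  and f.value.id in modules and f.attr != "SystemRandom"):
                yield n.lineno

    hits = set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)) and _hinted(node.name):
            hits |= {(ln, node.name) for ln in weak_calls(node)}
        elif isinstance(node, ast.Assign):
            for t in node.targets:
                if isinstance(t, ast.Name) and _hinted(t.id):
                    hits |= {(ln, t.id) for ln in weak_calls(node.value)}
    return sorted(hits)
```

Calling `find_weak_rng(SAMPLE)` reports the reset-token function and the session identifier; the usual fix for each hit is the standard-library `secrets` module. Name matching is a heuristic, so expect false positives on identifiers such as `keyboard`.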


Sure, but if you take the time to actually read the article you'll learn that Pony was at the time the only language and runtime capable of meeting their needs.

You'd also learn that this is a different product with different requirements.

There's no such thing as the "best language" - there's the "best language that fits your problem domain".

