it depends, to some degree I go with Jason Knight because it really depends on your perspective. As a javascript developer I probably don't have to build in canaries in my memory control to avoid highjacking those address registers like in C.
It is really layered, isn't it?
- Do we just take security inside our code?
- do we take the machine into account?
- Do we take external libraries and their code base into account?
- Am I actually allowed to blackbox? Can I trust security written by another person I don't understand?
- Do I take communications issues into account as well? async, ddos, ....
- Do I assume type based transformation in dynamic languages as a weak-point of security?
I have to say, I don't know .... it's so much .... it's actually so generic to me it's useless without context.