You might have heard about the ACME 0-day exploit in acme.sh (fixed in the latest release) and Matt Holt, who discovered it, has written an excellent blog about it, where you can read all the details. In the second part of his blog, he gives general security advice and opinions on technology in regard to ACME implementations and deployments. Given that he and me and on different spectrum in the Holy Campaign on Memory Safety, I feel some points misrepresented or left out.
