This may be a stupid question, but...
Why are security-crucial software written in languages such as C and C++? I understand why, say, an embedded system might need a low-level language to make the most use of limited resources, but it seems foolish to write security software in low-level languages.
I'm asking this because whenever I go to debian.org and look at the latest security fixes, the vast majority of them involve memory safety issues, which only appear in unsafe languages such as C and C++. As bad rep as Java gets, for example, I would imagine 90% of the security patches to OpenSSL would be completely useless. If an even higher-level language like Scala or Lisp were used, I would suppose it would be even easier to get things secure. Messing up your arrays will in the worst case lead to a runtime error.
Is the reason for using C/C++ avoiding side channel attacks? I might imagine some properties of a key interfering with the execution of a conservative garbage collector (like Boehm) and leading to timing attacks, but no higher-level language uses unsafe garbage collectors anyway.