I was talking to our chief architect about a blog post about our zero dependency home grown HTTP server[0]; the project just hit 1.2 and uses virtual threads. I'm generally a fan of "don't reinvent the wheel"[1], but I think there are some cases where that control is worth the cost.

Defending against security vulnerabilities is definitely one of them, as long as you make the proper investments to harden what you write.

Joel Spolsky write about some other reasons too[2].

0: https://github.com/FusionAuth/java-http

1: https://en.wikipedia.org/wiki/Reinventing_the_wheel

2: https://www.joelonsoftware.com/2001/10/14/in-defense-of-not-...