It matters in so far as: at the end of the day you have to provide guidance to developers, who may or may not understand the security implications at a deep level. These developers are possibly using "common" frameworks and you need to know what these frameworks do and don't bring to the table. Some do common validation and output encoding for example. Some use functions with cryptographic weaknesses ECT ECT ECT. You wouldn't be able to provide guidance to them if you don't understand the framework they are using (ie the way the language is implemented).
Its also important in pentesting because it allows you to target commonly used packages and implementation for research or do hit known vulnerabilities.
OK...
It matters in so far as: at the end of the day you have to provide guidance to developers, who may or may not understand the security implications at a deep level. These developers are possibly using "common" frameworks and you need to know what these frameworks do and don't bring to the table. Some do common validation and output encoding for example. Some use functions with cryptographic weaknesses ECT ECT ECT. You wouldn't be able to provide guidance to them if you don't understand the framework they are using (ie the way the language is implemented).
Its also important in pentesting because it allows you to target commonly used packages and implementation for research or do hit known vulnerabilities.
We are talking about security researchers. read this article again.