
I'm going to push back a little on "new" and "weaknesses still being found". The underlying theory of curves and their hardness has been pretty stable for a while --- since well before 2000, I think. More progress has been made against conventional multiplicative group Diffie-Hellman than has against curves.

The complicating factor isn't the curve problems themselves, but rather implementation details, some of them particular to specific curves.



That's a reasonable point and I agree with you, but I think you've read into my comment something that's not there. I said:

>> But all the elliptic curve cryptography is comparatively new, and weaknesses are still being found.

It's the elliptic curve cryptography that's comparatively new, and the weaknesses are being found in the full crypto package. That includes, and in many cases is primarily in, the implementation.

So actually I think you're not pushing back, I think you're clarifying exactly what I said.

Of course, I may yet have misunderstood you, so feel free to add more. You certainly know more about this than I do, and I'm happy to learn (or have it clarified further).


Sure! I think we agree.

The whole field of misuse-resistant cryptography is very new, relative to the field as a whole. We didn't even have a usage model of cryptography that was sound until the later 1990s, when the connection was made between authentication and indistinguishability. It's only in the last few years that we've begun to prioritize constructions that make implementation bugs harder to blunder into.

Which is a long way of saying, that's true, but also still an issue relevant to RSA and DH and DSA.

I think the primary reason we read a lot about elliptic curves today is that the field has, at least to the extent that it's not directly promoting post-quantum algorithms, pretty much coalesced around curves as the best modern way to implement asymmetric cryptography.


> More progress has been made against conventional multiplicative group Diffie-Hellman than has against curves.

How is "none" more than "none"?


It isn't, but that's got nothing to do with my argument.



