p. Alistair Glen “Woolie” Wooldrige has posted a short but interesting article on what he sees as the main contributor to the impression that PHP is insecure. His blog post, titled “Is PHP Insecure? Hell No!”:http://woolie.co.uk/archives/169 delves into the idea that fundamentally (and especially of late) PHP is no more insecure than other languages. The problem is that when an application with PHP in the name has a bug reported, it tars the language with the same brush.
bq. With other languages, this is generally not the case. You rarely see rorNuke or perlWebSite. The reason this is a problem is that whenever there is a bug within one of these pieces of software, it is automatically associated with PHP.
p. It’s a short but interested read that I’m sure will be of interest to those in the PHP security community. Drop by, give Woolie a read, leave him a comment.