[Freedombox-discuss] The Status of PHP

Federico Ceratto federico.ceratto at gmail.com
Sat Jan 5 18:55:04 GMT 2019


On Fri, Jan 4, 2019 at 6:35 PM Danny Haidar
<haidar at freedomboxfoundation.org> wrote:
> software written in PHP cannot be
> reliably run without supervision.

I raised my concerns about poor security in the PHP applications used in
FreedomBox on various progress calls over the last few years.
Providing a completely objective analysis of the security of the PHP
ecosystem is not possible; however, a quick comparison between the CVEs
impacting popular languages and their standard libraries over the last
10 years is telling:

https://www.cvedetails.com/vendor/10210/Python.html
https://www.cvedetails.com/vendor/74/PHP.html
https://www.cvedetails.com/vendor/1885/Perl.html
https://www.cvedetails.com/vendor/7252/Ruby-lang.html

The vulnerabilities leading to code execution are the most concerning.
152 versus 8, 11, 15.
Also, let's not forget that developers cannot avoid vulnerable
functions in the stdlib or in 3rd-party libraries that have not been
discovered yet.

-- 
Federico
