[Freedombox-discuss] The Status of PHP

Federico Ceratto federico.ceratto at gmail.com
Sat Jan 5 18:55:04 GMT 2019

On Fri, Jan 4, 2019 at 6:35 PM Danny Haidar
<haidar at freedomboxfoundation.org> wrote:
> software written in PHP cannot be
> reliably run without supervision.

I raised my concerns about poor security in PHP applications used in
FreedomBox on various progress calls in the last years.
Providing a completely objective analysis of the security of the PHP
ecosystem is not possible; however, a quick comparison between CVEs
impacting popular languages and their standard libraries over the last
10 years is telling:


The vulnerabilities leading to code execution are the most concerning.
152 versus 8, 11, 15.
Also, let's not forget that developers cannot avoid vulnerable
functions in the stdlib or in 3rd party libraries that have not been
discovered yet.

