It’s official, PHP sucks

Just kidding. But I did think it’s interesting that the latest SANS Top 20 list devoted a spot *specifically*
to PHP. This should be a wakeup call to the PHP community, particularly that segment of the community
that would like to see PHP taken seriously as a commercial tool and/or an alternative to Java.

The other thing I find interesting about this year's list is the
recognition that the security landscape has changed; attackers are focusing on attacking applications
and network infrastructure devices in addition to just looking for OS-level vulnerabilities.

“This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and
UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change
reflects the dynamic nature of the evolving threat landscape.”
