It’s official, PHP sucks

Just kidding. But I did think it’s interesting that the latest SANS Top 20 list devoted a spot *specifically*
to PHP. This should be a wake-up call to the PHP community, particularly that segment of the community
that would like to see PHP taken seriously as a commercial tool and/or an alternative to Java.

The other thing I find interesting about this year's list is the
recognition that the security landscape has changed; attackers are focusing on attacking applications
and network infrastructure devices in addition to just looking for OS-level vulnerabilities.

“This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and
UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change
reflects the dynamic nature of the evolving threat landscape.”

http://www.sans.org/top20/
