Just kidding. But I did think it’s interesting that the latest SANS Top 20 list devoted a spot *specifically*
to PHP. This should be a wake-up call to the PHP community, particularly that segment of the community
that would like to see PHP taken seriously as a commercial tool and/or an alternative to Java.
The other thing I find interesting about this year's list is the
recognition that the security landscape has changed; attackers are focusing on attacking applications
and network infrastructure devices in addition to just looking for OS-level vulnerabilities.
“This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and
UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change
reflects the dynamic nature of the evolving threat landscape.”