In some mail from john mullee, sie said:
>
> --- Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx> wrote:
> > From my own mail archives, PHP appears to make up at least 4%
> > of the email to bugtraq I see - or over 1000 issues since 1995,
> > out of the 25,000 I have saved.
> >
> > People complain about applications like sendmail...in the same
> > period, it has been responsible for less than 200.
> >
> > Do we have a new contender for worst security offender ever
> > written ?
>
> I guess most of the remaining offending apps were written in C: as much as 96% ?!!
> (including basically all of microsoft's stuff!!)
>
> Surely the least secure language of all time !!!
>
> Note also that no vulnerable apps were written in:
> - cobol, rpg3, prolog, ada, scheme, lisp, pl/1, occam, modula-2, or MIX

But in the 1990s, Java was created. Java applications exist.
Java servlets and applets also exist. There have been barely a
*handful* of JRE/JVM security problems.

So the point of this is to say that new, modern, development
languages that are secure can be and are being developed and used.

That PHP is relatively new with respect to computing and has so
many security problems should be an embarrassment to its developers
and users.

Or to put it another way, if there are so many security problems
with PHP then the PHP development model or use model needs to be
seriously reconsidered and redeveloped such that it is immune to
such security issues. This may, of course, mean throwing away PHP
and starting over (see C/C++ -> Java).

Oh, and btw, you forgot to mention fortran.

Darren