On Fri, Jan 4, 2019 at 6:35 PM Danny Haidar <[email protected]> wrote:
> software written in PHP cannot be
> reliably run without supervision.

I raised my concerns about poor security in PHP applications used in FreedomBox on various progress calls in recent years.

Providing a completely objective analysis of the security of the PHP ecosystem is not possible; however, a quick comparison between CVEs impacting popular languages and their standard libraries over the last 10 years is telling:

https://www.cvedetails.com/vendor/10210/Python.html
https://www.cvedetails.com/vendor/74/PHP.html
https://www.cvedetails.com/vendor/1885/Perl.html
https://www.cvedetails.com/vendor/7252/Ruby-lang.html

The vulnerabilities leading to code execution are the most concerning. 152 versus 8, 11, 15.

Also, let's not forget that developers cannot avoid vulnerable functions in the stdlib or in 3rd party libraries that have not been discovered yet.

--
Federico

_______________________________________________
Freedombox-discuss mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
