Interesting article out on ZDNet today:

http://www.zdnetasia.com/news/security/0,39044215,39315781,00.htm

The article refers to the US government sponsored study being done by
Stanford University, Symantec, and Coverity.  It says, "The so-called LAMP
stack of open-source software has a lower bug density--the number of bugs
per thousand lines of code--than a baseline of 32 open-source projects
analyzed, Coverity, a maker of code analysis tools, announced Monday."

This surprised me quite a bit, especially given LAMP's popular reliance on
scripting languages PHP, Perl, and/or Python.  Still, the article doesn't
discuss any of the root causes of the claimed security strengths in
LAMP-based code.  Perhaps it's because the scripting languages tend to make
things less complex for the coders (as opposed to more complex higher level
languages like Java and C#/.NET)?  Opinions?

Cheers,

Ken
-- 
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com


_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
