Secure Coding mailing list archives

Programming languages -- the "third rail" of secure coding


From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Mon, 19 Jul 2004 21:52:34 +0100

Greetings,

It appears as though we may well have discovered software security's third 
rail over the last couple of weeks in the discussions regarding programming 
language choices.  I don't mean to fan those flames by any means, trust me.  
However, I noticed several announcements for PHP version 5 (see 
http://www.zend.com/ for the official announcement and press release) over 
the weekend.  PHP has long been the whipping boy of secure programming, and 
version 5 appears to add a great deal of new functionality to this popular 
language.  Secure or not, there are a lot of PHP users and coders out there, 
and this added complexity certainly enhances its "trinity of trouble" profile 
(with respect to Gary McGraw's "Exploiting Software").

Along those lines, there's a good article at 
http://otn.oracle.com/pub/articles/hull_asp.html that compares PHP5 against 
ASP.NET, including the security features of each.

Happy reading...

Cheers,

Ken van Wyk
-- 
KRvW Associates, LLC
http://www.KRvW.com





