Re: Languages/platforms used for Web apps. Any stats?

[Steve McCullough <website () showmethesmut com>]

Mark Susol Ultimate Creative Media wrote:

> I don't think the problem so much is that the language is easy to
> learn or that these folks deployed insecure programming, but that the
> code is OPEN and you can STUDY it and find the vulnerabilities at your
> leisure. And with the  success of google, once you find an exploit its
> so easy to find all the sites using the same software most likely
> several versions outdated and its really easy pickings. I subscribe to
> this list just to get the heads up on anything I'm using off the open
> source shelf.

OK, I'll bite.

The open source element works both ways, however. For example, if I've
implemented an open-source BB system and a new vulnerability is
published, at least I can grep the code for vulnerabilities --- and fix
them myself if no one else has. With a proprietary solution, on the
other hand, I'm stuck thinking either "Gee, I sure hope I'm not
vulnerable" or "I hope they send me a patch."

Steve


-- 
Steve McCullough
web developer, S.M.U.T. Magazine > www.showmethesmut.com