by iLoveOncall
1140 days ago
I don't know the full history because it's from way before I joined, but it is honestly a terrible take (by a guy who's now Distinguished Engineer at Apple, no less!) explaining that it is impossible to write secure applications in PHP. Basically, they used "the historical number of vulnerabilities identified in applications developed using a technology" as a metric to determine how insecure a technology is. For the argument here, they looked at the CVE list, where at the time (in 2012, with the list existing since 1999) 40% of all software vulnerabilities recorded were in PHP applications. This led to the conclusion that PHP is insecure by nature. Of course, he didn't mention that at the time, PHP was also used by 80% of all websites, because that would have made his argument worthless. That wiki page explaining that is still up. It's so baffling to me when the argument violates so many of Amazon's leadership principles.

I could think of a bunch of legitimate reasons to want to ban it but they would also hit a bunch of other languages as a result - hence why I was curious how it could be so specific.
It wouldn't surprise me if LOC for LOC PHP written today is much more secure than JS because of the same dynamic, just JS is the one that is now on 80% of new code written by beginners.