by mephi5t0 4546 days ago
Just because you tested more secure .NET sites than less secure PHP sites doesn't mean that PHP is less secure. It means you tested more secure .NET sites compared to the number of less secure PHP sites. If you flip a coin 10 times and you will get 10 tails it doesn't mean that the coin is broken or faulty. Random numbers are random.
2 comments

> If you flip a coin 10 times and you will get 10 tails it doesn't mean that the coin is broken or faulty.

It might be. At a certain point, the coin is more likely "broken" (or rigged somehow) than actually flipping tails every time. The chances of flipping a coin 10 times in a row tails are ~1/1000, so I do not think this is in the range, but at 100 flips, I would say that it is much more likely that the coin has been tampered with.

With a sample of 10 that makes sense. We have done over 150 PHP tests over the last couple of years and the average number of issues is higher than other technologies. What would account for that bias?
It means the web sites are written by bad programmers.