Apple, Linux, and PHP in the Top List of Vulnerable Vendors

      by Paul Lexen

Cnet recently posted an article titled “Apple, Microsoft, PHP headline IBM’s list of most vulnerable software,” summarizing IBM Internet Security Systems’ X-Force 2008 Mid-Year Trend Statistics report. The report, by some strange reasoning, found it appropriate to list Apple, Joomla!, and Linux, among others, in its top ten vendors with the most reported security vulnerabilities. How exactly the X-Force team can draw a meaningful comparison between Apple and Joomla!, or why it treats Linux as a vendor, remains to be explained.

The IBMSSXF continued, in its analysis of the vendors with the most vulnerabilities:

Another commonality between these three vendors [Joomla!, Drupal, and Wordpress] is that they are all written in PHP. If we look back over last year’s disclosures and apply the new CPE methodology to them, we would uncover another newcomer to the top five list, PHP itself, which would rank number four in the 2007 top five vendor list.

*Sigh*

Ivo Jansch provided a pertinent reply in his blog. He pointed out that if PHP is going to be blamed for these vulnerabilities, then by the same logic we should blame C for the vulnerabilities found in software written in C.

I realize that the IBMSSXF is trying to report hard numbers and facts, and their tables and graphs are all very pretty. But really, it comes down to this: you can’t compare apples with oranges, especially when the Apple is a vendor and the orange is a website CMS…or an operating system…or a programming language.
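The passage quoted above from the report says the rankings come from attributing vulnerabilities to vendors with the CPE methodology. The short script below is an added example, not code from the report or from this post, showing what that attribution mechanically does: a CPE 2.2 name carries a vendor field and a product field, and a vendor count is simply a tally of records grouped by that vendor string, with each record counted once per vendor even when it affects several of that vendor’s products. It also shows why “Linux” can appear as a vendor at all: the NVD’s CPE name for the kernel is `cpe:/o:linux:linux_kernel`, so the vendor string is literally `linux`. The vulnerability records are constructed for the example and carry no real CVE identifiers; the counts they produce are illustrative only.

```python
"""Attribute vulnerability records to vendors and products via CPE names.

Added example for this post; it is not code from the X-Force report or from
the original article. The records below are constructed for illustration and
carry no real vulnerability identifiers.
"""
from collections import Counter


def parse_cpe(uri: str) -> dict:
    """Parse a CPE 2.2 URI: cpe:/{part}:{vendor}:{product}[:{version}...].

    part is 'a' (application), 'o' (operating system) or 'h' (hardware).
    Only the first four components are used; the trailing update, edition and
    language components of the 2.2 format are ignored.
    """
    prefix = "cpe:/"
    if not uri.startswith(prefix):
        raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
    fields = uri[len(prefix):].split(":")
    if len(fields) < 3 or fields[0] not in ("a", "o", "h"):
        raise ValueError(f"malformed CPE name: {uri!r}")
    version = fields[3] if len(fields) > 3 and fields[3] else None
    return {"part": fields[0], "vendor": fields[1],
            "product": fields[2], "version": version}


# Constructed sample: each record is one vulnerability together with the CPE
# names of the products it affects. Made-up records, not real CVEs.
RECORDS = [
    ["cpe:/o:linux:linux_kernel:2.6.26"],
    ["cpe:/o:linux:linux_kernel:2.6.25"],
    ["cpe:/o:linux:linux_kernel:2.6.24"],
    ["cpe:/a:apple:safari:3.1"],
    # One record affecting two products of one vendor: counts once for apple.
    ["cpe:/a:apple:safari:3.1", "cpe:/o:apple:mac_os_x:10.5"],
    ["cpe:/o:apple:mac_os_x:10.5"],
    ["cpe:/o:apple:mac_os_x:10.4"],
    ["cpe:/a:joomla:joomla!:1.5"],
    ["cpe:/a:joomla:joomla!:1.0"],
    ["cpe:/a:php:php:5.2.6"],
]


def count_by(records, key):
    """Count records per key value, counting a record at most once per value."""
    counts = Counter()
    for cpes in records:
        counts.update({key(parse_cpe(u)) for u in cpes})
    return counts


def ranking(records, key):
    """Return (key, count) pairs sorted by count descending, then by key."""
    counts = count_by(records, key)
    return sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))


# The same records, grouped three different ways.
by_vendor = ranking(RECORDS, lambda c: c["vendor"])
by_product = ranking(RECORDS, lambda c: (c["vendor"], c["product"]))
by_part = ranking(RECORDS, lambda c: c["part"])

if __name__ == "__main__":
    for title, table in (("vendor", by_vendor),
                         ("vendor/product", by_product),
                         ("part", by_part)):
        print(f"by {title}:")
        for k, n in table:
            print(f"  {n:3d}  {k}")
```

Running it shows the point of the post in numbers: grouped by vendor, `apple` sits at the top with 4 records, but grouped by product those 4 records are spread over an operating system and a browser, and grouped by CPE part the same data compares an `o` (operating system) bucket against an `a` (application) bucket. Which “vendor” wins depends entirely on the grouping you chose, and a CMS, a kernel and a language are only comparable if you decide in advance that the vendor string is the thing that matters.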

Filed under News : Comments (0) : Aug 30th, 2008
