Secure Coding mailing list archives

ZDNET: LAMP lights the way in open-source security


From: ken at krvw.com (Kenneth R. van Wyk)
Date: Tue, 7 Mar 2006 10:56:24 -0500 (EST)

Interesting article out on ZDNet today:

http://www.zdnetasia.com/news/security/0,39044215,39315781,00.htm

The article refers to the US government-sponsored study being done by Stanford University,
Symantec, and Coverity.  It says, "The so-called LAMP stack of open-source software has a
lower bug density--the number of bugs per thousand lines of code--than a baseline of 32
open-source projects analyzed, Coverity, a maker of code analysis tools, announced Monday."

This surprised me quite a bit, especially given LAMP's popular reliance on scripting
languages PHP, Perl, and/or Python.  Still, the article doesn't discuss any of the root
causes of the claimed security strengths in LAMP-based code.  Perhaps it's because the
scripting languages tend to make things less complex for the coders (as opposed to more
complex higher-level languages like Java and C#/.NET)?  Opinions?

Cheers,

Ken
-- 
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com




