It's too bad no one takes this much effort to focus on positive news from other languages. Among the landslide of tweets were also a few people poking at ColdFusion such as this person who went as far as to say businesses should scrap all use of Adobe products in general due to the number of vulnerabilities.

"What to say about Adobe products? Don’t used in your business."

This prompted me to revisit a blog post I did almost 3 years ago that collected the number of CVEs (Common Vulnerabilities and Exposures) in several popular web technologies including ColdFusion. In that post I compared Java, PHP, Tomcat, and ColdFusion CVEs reported on the year 2000 and found ColdFusion to have far fewer reported vulns per year than any of the other technologies. In fact, Java and PHP really blew the doors off the chart with the number of vulnerabilities they've reported.

The overall point was, every major platform has vulns and the very reports of them show a company that is actively working to improve the platform. Also, no one ever seems to make the same arguments about PHP or Java every time a new vuln comes out about how they're "so insecure" and people should stop using them.

Since my last post stopped at 2014, I pulled up new data for reported CVEs and this time just did the previous 10 years, so 2006-2016.

I realize they are really frameworks and not languages, but ROR is sort of synonymous with Ruby and the two projects just represent similar high-profile platforms that people have been using on the web for the last 10 years. Note, I also grabbed the last 3 years of data from Oracle JRE and appended it on the previous data from the Sun JRE.