[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Php why must your apps suck so?



> identifying and removing security problems?
>
> For #1, compare the number of CVEs_ in mediawiki to moin and drupal to
> zope+plone:
>                 2007   2006   2005
>    moin           5      0      0
>    mediawiki      7      5     12
>
>    drupal        36     37      8
>    zope(plone)  1(+0)  2(+3)  1(+0)
>


> Now we all know that numbers can be misleading but still this seems to
> highlight something for me: there are projects which care about security
> and there are projects which tack it on as an after thought.  No matter
> how much work we put into security locally (SELinux, mod_security, code
> auditing), we don't want to be using a project which belongs to the
> latter camp.  *Sending security patches upstream doesn't help if
> upstream will just introduce a new batch of security issues in their
> next release.*

Some of the numbers might have to do with install-base size also.  I
realize you did qualify your statment, but I thought it should be
called out explicitly.  I know of dozens of mediawiki sites I use
nearly everyday, whereas moin, I know of one.  Also, why is mediawiki
ok for 108 and et.redhat.com but not for fedora?  I would think some
type of review/assesment was done for those sites.

I am not trying to troll and/or flame, I really am just curious.

stahnma


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]