What PHP needs to learn from Java
We all know that there isn't a single language or platform that is totally secure, much in the same way that no matter how well you secure your house, its still possible to leave a door unlocked. However if your house has few locks, open windows and is in a bad neighborhood, shouldn't you do something about it?
The house I am referring to is PHP, great for prototyping and building applications quickly, but has a long way to go before it provides the automatic piece of mind Java does. We track vulnerabilities on all platforms and applications that use PHP are often the target of attacks. Was it the application developers fault, possibly, but there is little help for PHP developers to find out if they are really writing insecure code and without a security manager like Java, any small mistake can become a big exploit.
My colleague Ezra has started a new open source php security tool to audit php applications, phpsecaudit if you have any php code lying around check it out. We are looking for other contributors too. As for me, my first choice is still Java, even if it does take longer to create something the first time around.