
CVEs/LOC not a great metric

Posted Dec 15, 2024 8:00 UTC (Sun) by sammythesnake (guest, #17693)
In reply to: CVEs/LOC not a great metric by khim
Parent article: NonStop discussion around adding Rust to Git

> people move to [...] PHP (also, technically, a memory safe language) [...] thinking the language safe [...]

I don't think I've ever heard anyone describe PHP as safe; most people who even have a concept of "safe" wouldn't touch PHP with a 20ft pole!


to post comments

CVEs/LOC not a great metric

Posted Dec 15, 2024 13:55 UTC (Sun) by pizza (subscriber, #46) (1 responses)

> I don't think I've ever heard anyone describe PHP as safe, most people who even have a concept of "safe" wouldn't touch PHP with a 20ft pole!

PHP has *always* been "safe".

Its poor reputation is due to numerous lackadaisical practices by folks developing with PHP -- primarily not sanitizing inputs and manually assembling database queries (and shell invocations) with those unsanitized inputs.

...The largest data breaches in history are due to this sort of application-level logic flaw... implemented in "safe" languages.

(Any language capable of concatenating strings together is "vulnerable" to this sort of thing)
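The "manually assembling database queries with unsanitized inputs" flaw the comment above describes, shown as an added example that is not part of the thread: a lookup built by string concatenation next to the same lookup with a bound parameter, run against a constructed in-memory SQLite table. The table contents, the `TAUTOLOGY` input and the function names are all assumptions made for the demonstration; the point is that the memory-safe runtime (Python here standing in for PHP) cannot tell the two queries apart, only the API usage does.

```python
import sqlite3

# Constructed sample data: a three-row users table in an in-memory database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_concat(conn, name):
    # The flawed pattern: the caller-supplied value is pasted into the SQL
    # text, so any quote character in it changes the statement's structure.
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_param(conn, name):
    # The fix: the SQL text is fixed and the value travels as a bound
    # parameter, so the driver never interprets it as part of the statement.
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


# Constructed input containing a quote; in the concatenated query it closes the
# string literal and appends an always-true condition.
TAUTOLOGY = "' OR '1'='1"


def compare():
    """Run both lookups with a benign name and with TAUTOLOGY."""
    conn = make_db()
    return {
        "concat_normal": lookup_concat(conn, "alice"),
        "concat_tautology": lookup_concat(conn, TAUTOLOGY),
        "param_normal": lookup_param(conn, "alice"),
        "param_tautology": lookup_param(conn, TAUTOLOGY),
    }


if __name__ == "__main__":
    for label, rows in compare().items():
        print(f"{label:18} -> {rows}")
```

With the concatenated version the tautology input returns every row; with the bound parameter it returns nothing, because the database compares the column against the literal eleven-character string. The same distinction applies to the shell invocations the comment mentions: passing an argv list to `subprocess.run` (or `escapeshellarg` in PHP) keeps user data out of the command parser in the same way a bound parameter keeps it out of the SQL parser.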

CVEs/LOC not a great metric

Posted Dec 15, 2024 14:42 UTC (Sun) by mathstuf (subscriber, #69389)

Memory safety is different than functional safety. PHP has the former but its APIs were woefully lacking to make the latter easy. Now there are better APIs more readily available, but its history definitely casts a long shadow in many minds.

> ...The largest data breaches in history are due to this sort of application-level logic flaw... implemented in "safe" languages.

No one here (AFAIK) is claiming *functional* safety (life, limb, correctness) here[1]. Proof systems are needed for that and Rust isn't there (nor do I know of anyone claiming such). However, when one has memory safety, the foundations for building up things like "encode requirements into types and let the compiler make sure it is fine" are far easier. Of course, some languages don't have sufficient mechanisms to teach their compiler (or interpreter) about such things, memory safe (Python, PHP, Bash) or not (C).

> numerous lackadaisical practices by folks developing with PHP

The same can be said for just about any software dysfunction. No one is perfect, but the level of vigilance and attention required to prevent such issues differs greatly between languages (and is not monotonic across the "memory safe" spectrum either). I know I'd much rather the team I'm working with have a steadfast gatekeeper for problems in the compiler before CI before review before customers. The quality of each filter is different between languages, teams, and cultures but (IMNSHO), finer filters earlier in the sequence are generally worth quite a lot more.

[1] Philosophical question: what constitutes "functionally safe" for a missile?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds