Google for PHP. Or, why I moved effbot.org to another server.

December 8, 2003 | Fredrik Lundh

google fornumber of hits
python vulnerability21,400
perl vulnerability77,600
java vulnerability138,000
php vulnerability264,000

enough said.

“Look, there’s a plaque on this one,” he explained to Arthur, “It’s frosted over.”

He rubbed the frost clear and examined the engraved characters. To Arthur they looked like the footprints of a spider that had had one too many of whatever it is that spiders have on a night out, but Ford instantly recognized an early form of Galactic Eezeereed.

“It says ‘Golgafrincham Ark Fleet, Ship B, Hold Seven, PHP Programmer Second Class’ — and a serial number.”

“A PHP programmer?” said Arthur, “a dead PHP programmer?”

“Best kind.”

“But what’s he doing here?”

Ford peered through the top at the figure within.

“Not a lot,” he said, and suddenly flashed one of those grins of his which always made people think he’d been overdoing things recently and should try to get some rest.

 

Comment:

Hi Fredrik! Interesting post. I happened to by playing with the pygoogle module and thought it would be fun to re-try your test. I added an additional factor. It seems that it would be more fair to take into account the popularity of the language, so I added an additional search and divided the two results. For example "python vulnerability" divided by "python language". Here are my results (11/26/2006):

Language # Vulnerabilities # Language Hits Ratio (smaller is better)
java      1710000          157000000       0.010892
python     968000           40200000       0.024080
ruby       961000           17100000       0.056199
perl      1150000            4460000       0.257848
php      19100000           18800000       1.015957

(I hope this formats ok)

Posted by Gordon Tillman (2006-11-26)

Comment:

Well, there's one more point to consider. The "openness" of the language for the vulnerability to occur. The more a language is open to interaction with the outside world more are chances of finding a vulnerability. For example, PHP is exclusively meant for webdev. Whereas, in languages like python or Java play, webdev is only a small part played by it. By the way, I have been a Java developer and a new python enthusiast :). I am impressed by your work with open Pyhton. Thanks. ---- http://ajitk.com

Posted by Ajit K (2007-03-25)

Comment:

An additional point: perhaps googling for "PHP language" returns fewer pages than "PHP vulnerability" because a lot of people don't consider PHP a real language...

Posted by Luciano Ramalho (2007-06-28)

A Django site. rendered by a django application. hosted by webfaction.