Recent security holes with PHP will undoubtedly be under-reported.  Why?  Because it’s no fun to pick on Open Source code … there’s no Bill Gates or Steve Jobs.  Open Source has no figurehead that the contrarians can throw rotten tomatoes at.  Weak.

Funny how MS Office can have some obscure issue with email attachments and the ill-informed press (both tech & mainstream) loudly compose the epitaph for MS’s corporate tombstone.  Less often, Jobs announces the latest iGadget and those same reporters predict with unflinching certainty that Apple is overextending and won’t be around in 2 quarters.  But PHP has several major security holes that affect half the world’s servers and I’ve seen one tech notice in a small (but reliable) security newsletter.  Guess what?  I tested out the holes, since they are so easy to replicate, and they do exist.

So what gives?  I think it boils down to the simple concept that it’s not cool to talk smack about Open Source.  Along the same lines, you’ll probably never hear anybody say anything negative about hybrids, or Volkswagen Bugs, or Tom Brokaw, or PBS.  There are some things in our society that somehow get a natural coating of critic-resistant Teflon, and that doesn’t seem fair.

I wonder what the criteria are for receiving that coating.  The only reason I’m asking, of course, is because I’m jealous and I want it.

