
I agree it's theoretically possible to write a secure project in PHP, but it's very difficult, especially if you're hiring people like crazy.

If you divide the amount they've paid out in bounties by the number of bounties paid, and compare with their bounty tier rules, it's clear that a lot of the vulnerabilities that were reported in Slack are relatively severe.

(And I agree bug bounty programs are great; we also use HackerOne)




If you use a framework like Laravel it probably covers most things.

You could easily write a massively insecure application in core python, but things like Zulip use Django which shields you from most of it.
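The contrast in the comment above, shown in working code. This is an added example, not code from the commenter, Slack, Zulip, Laravel or Django: a login check written directly against Python's sqlite3 module, once with the query built by string formatting and once with bound parameters, which is what an ORM such as Django's does on your behalf. The table, the user record and the attacker inputs are all constructed for the example.

```python
import sqlite3

# Constructed sample data: an in-memory database with a single user.
# (Storing a plaintext password is itself a bad practice; it keeps the
# example short and is not the point being demonstrated.)
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('alice', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The query text is assembled from untrusted input, so quotes in the
    # input change the structure of the statement rather than its data.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    # The statement is fixed; the driver sends the values separately, so a
    # quote in the input is only ever compared as part of a string.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Constructed attacker inputs: a password that closes the string literal
# and appends an always-true condition, and a username that comments out
# the rest of the WHERE clause.
INJECTED_PASSWORD = "' OR '1'='1"
INJECTED_USERNAME = "alice' --"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, injected password:",
          login_vulnerable(conn, "alice", INJECTED_PASSWORD))
    print("vulnerable, injected username:",
          login_vulnerable(conn, INJECTED_USERNAME, "anything"))
    print("parameterized, injected password:",
          login_parameterized(conn, "alice", INJECTED_PASSWORD))
    print("parameterized, injected username:",
          login_parameterized(conn, INJECTED_USERNAME, "anything"))
    print("parameterized, real credentials:",
          login_parameterized(conn, "alice", "correct horse battery staple"))
```

The vulnerable version accepts both injected inputs with no knowledge of the password; the parameterized version rejects them and still accepts the real credentials. A framework's ORM removes the first pattern from everyday code, which is the "shielding" the comment refers to; it does not remove it from a raw query you hand-build yourself, in PHP or in Python.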


It is not about the language, is it? I don't think there is such a big difference between PHP and Python. Besides, Slack is most probably using a whole lot more tech than PHP.

It is about Zulip being open source.


It's also about the language. See, for example,

https://www.quora.com/Why-is-PHP-hated-by-so-many-developers


That is from 2014. There have been many changes in the programming language since.

Most people nowadays are using frameworks and abstraction layers which make most of these points moot.



