Who's had more vulns, take 3: Java, ColdFusion, ROR, .NET
Posted by
Brad Wood
Oct 09, 2019 01:36:00 UTC
There's a fair amount of disingenuity, or perhaps just willful ignorance to the statistics here and I talk to a lot of people who are astonished that CFML is still in use due to the alleged massive numbers of vulnerabilities. One would think simply touching the code might give you rabies. Some CFers suggested that it's a form of "virtue signalling" by infosec professionals to throw CF under the bus, winking at each other over there shared distaste for a platform they have little knowledge of but assume sucks.
Tags: