This post is not so much for developers as it is for the managers and bosses from those developers. As you probably know by now, managing software engineers (or programmers) is not an easy task. They just don't like to play by the rules you always took for granted. Why is that? Why are those pesky programmers too hard to handle? Why is it so hard to sit down, write code and shut up??

The questions are yes/no and, at the end of the test, your questions will be assigned to points from 0 to 12. Here's just a few of the questions (they all come with summaries to help you understand what its asking):

• Do you work with lenient working hours?
• Do you give enough time for planning?
• Do you enforce an IDE?
• Are your programmers in the loop?
• Do you have enough distraction for programmers?

What follows is a breakdown of the 20 PHP-based applications that had the highest aggregate vulnerability scores (NIST assigns a score from 1-10 for the severity of each entry), and the highest total number of vulnerabilities, over the past 12 months. Of the two, I feel that the aggregate score is a better indicator of security issues.

The Excel charts show the total NVD score and the total number of NVD entries for several popular PHP applications (like phpBB, phpMyAdmin, TikiWiki, and Joomla). He also notes that there are some other extenuating circumstances surrounding these numbers (not a level line) and that the trend seems to be more on the side of issues with forums than any other type of PHP application.