On the Zend Developer Zone Cal Evans has posted an article about a topic that's always hot in any development community - security. In his post, "On Security and PHP", he comments on some recent metrics reported by a larger application security company and provides a bit more realistic view into the world of PHP security (and some possible downfalls of their metrics).

Yet another consultant group has decided that their traffic stats are too low so they need to “shake things up a bit”. As usual, they picked PHP as the whipping boy. No, I am not going to link to them; too many people are already doing that unironically. [...] So we have a consulting group that has discovered that compiled languages have fewer security issues than dynamic languages. In other news, water is wet. This insight isn’t a revelation to anyone who has worked with a compiled language.

He also points out the leap they make between the PHP-related results to the two pieces of software that power a large part of the web, WordPress and Drupal. He mentions the recent installation statistics published by Jack Skinner and how, when it boils down to keeping the actual language secure, nothing is better than keeping things patched. Cal summarizes the current state of things (and where we should be heading) well:

We can all agree that PHP code used to be notoriously insecure due in part to it’s low point of entry, but so was the entire Internet. As we learn, we are writing better and more secure code. Sadly reports like the one highlighted here do nothing more than perpetuate old stereotypes. The truth is that yes, PHP code has flaws, much like Python code, node.js code, and Ruby code. We’ve got fewer this year than last, and hopefully, we will have fewer next year. We are getting better. Sadly, not all applications get better at the same rate. Some people just will not bother to patch old code. That is not a language problem, that is a people problem. (It doesn’t lessen the importance of the problem, but let’s at least properly identify it)

On the Zend Developer Zone Eli White has posted about a major refresh of the code for the DevZone website including several new features and updates on current ones:

The DevZone codebase has been upgraded today and some new features now exist to make your DevZone experience more engaging!

Updates include notification when articles are published, an update to how comments are posted, syntax highlight for code in posts, twitter integration on multiple accounts and plenty of backend updates to help with the stability and performance of the site in general.

If you'd like to add your own article for consideration, you can submit it here and you'll be notified if it's published.

According to this new post on i>Andi Gutmans' (of Zend) blog, the vision for the future of Zend Developer Zone (DevZone) has been advanced with the addition of a new team member - Eli White.

DevZone takes an important place alongside Zend Framework and our Eclipse-based tooling as an equal partner in collaboration. Open source companies’ tail wind is the community—and the learning and mentoring environment that comes with it. We have always strived to help support the ongoing process of cross pollination among the community which has truly matured the PHP eco-system as a whole. Professional content, leadership, and expertise associated with the very best practices of PHP are the key to what has made PHP a mature Enterprise-ready Web solution.

He talks a bit about the evolution of DevZone from the "Zend.org" concept up to the current day with contributions from smaller, single developers and larger companies alike. Now, with the hiring on of Eli White into the "Editor-in-Chief" role there at Zend, Andi is looking forward to "the next generation" of all things DevZone.