top | item 33970660

(no title)

Three years ago I released a tool called PHP Version Audit. The idea is that it parses the PHP changelog and notifies you if you are running a PHP version that has a CVE or has lost support.

Anyways, after running for three years, I thought it would be fun to put together some data. The most interesting one is that PHP Version Audit has a median CVE discovery of 5 hours after the PHP announcement. In contrast, the NVE CVE Database has a median of 260 hours - or almost 11 days. Of course the NVE CVE Database has all sorts of information like a vulnerability score, so maybe it’s an apples vs. oranges comparison. Anyways, I hope someone else finds this interesting :)

If you think PHP Version Audit is interesting, there is also Node Version Audit[0] that I released earlier this year.

0: https://www.github.developerdan.com/node-version-audit/

discuss

No comments yet.