Hey CFers, I am working on proving that ColdFusion is (was and still is…) the most secure Vs. other programming languages. Here's something I found recently
What do the experts say? CVE details
I've done a little research about which programming language is the most secure. CVE details specify the number of critical vulnerabilities for:
Security in ColdFusion: Second to None
As much as it pains me to say it… There are many out there who just hate ColdFusion. Search anywhere and you will find some kind of report about how unsecure ColdFusion “actually” is. But here’s the thing. Nobody hates on the guy at the bottom of the pack. They’re already there. It’s too easy. But if you got genuine “haters”, you must be doing something right.
And well, when it comes to security, ColdFusion is second to none.
Every platform will say it’s the most secure. That they are the top of the line. But most of that’s just a bunch of rhetoric. Where’s the proof? Where’s the data?
How about this… Let me share some data with you.
According to CVE Details (the ultimate resource for security vulnerabilities), ColdFusion has only a mere fraction of the security vulnerabilities that other programming languages have.
Let that sink in. And if you don’t believe me… Here’s the link. Go ahead and check it out. I’ll wait.
And you know what’s even better for us CF’ers… That graph and analysis goes back to 2006. SO, for over a decade, ColdFusion has consistently been the most secure web development platform out there. Say what you want. The numbers don’t lie.
There’s good reason for this. Adobe cares about your security. They are constantly providing new security updates and patches to keep us as CF’ers one step ahead. And for that we have to thank Adobe.
ColdFusion 2018 Security Upgrades
In the release of Adobe ColdFusion 2018, a very powerful tool was introduced to further our security capabilities.
The Auto Lockdown feature.
Every developer worth their salt understands the importance of properly securing their system. It can be the difference between life and death (of your ColdFusion web apps that is). So it’s awesome that Adobe released this feature.
It automatically scans and searches your application code for any existing security vulnerabilities and any potential security breaches. It determines the exact vulnerable code, type of vulnerability, and severity level. After all of that, the analyzer presents you with the option of removing and repairing the problem via recommended means.
But we also need to give thanks to our community. Adobe isn’t the only one looking out for us. Members of our very own community are developing third-party applications to turn our platform into something bigger and better. And when it comes to security… one company comes to mind.
I would love to hear what you think about security when working in ColdFusion (and other languages). Please leave your comments below.