PHP Apps A Growing Target for Hackers

Categories: Security
Written By: Edward

Back in August 2005, we wrote about the potential vulnerability of Linux systems in our article entitled There are no Pickpockets in the Desert. Although Linux itself remains strong, systems deployed on Linux are receiving more and more unwanted attention from hackers and crackers as reported by Netcraft:

Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday’s hack of chip maker AMD’s customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.

Internet criminals have targeted unpatched vulnerabilities in open source CMS apps including phpBB, PostNuke, Mambo, Drupal and others, hoping to build botnets for use in phishing scams and distributed denial of service (DDoS) attacks. Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2005 (as noted in their Year in Phishing roundup).

The tip of the iceberg? Maybe.

But effective software development of [bespoke] applications, whatever language they are written in, should take account of the environment in which the application is to be deployed and build in security measures as appropriate. It is also true that no software can be 100% secure; it’s just that the Web exposes these vulnerabilities much more quickly and with more visible consequences. How securely you decide to build an application will depend on the risk associated with compromise, and is also affected by budget constraints. However, professional software development should not be confused or compared with inexpensive freelance work, as the latter is often not developed to the same standard. I use the term inexpensive deliberately, as there are numerous freelance developers who produce excellent work which can be more secure than other systems. It’s a case of using the right tool for the job! Remember too that much open source software is developed for free by talented people and is distributed for free to be used “as is with no warranties or liabilities”. As the old adage goes, “you get what you pay for”.

Link to full Netcraft Story.
