Redpanda announced the integration of its Bring Your Own Cloud (BYOC) service with Microsoft Azure, expanding its multi-cloud offerings for delivering mission-critical data.
The PHP Landscape in 2024 - and the Growing Need to Consider Security and Compliance
July 09, 2024
The latest annual PHP Landscape report from Zend by Perforce provides insight into how PHP is being deployed and used, and also examines challenges such as managing end of life EOL software, and scrutiny of the 572 global respondents' concerns around and plans for security and compliance.
For example, respondents were asked about their confidence that their PHP applications are secure. On average, over half are very confident, 27% saying they are somewhat confident and just over 18% saying they are extremely confident. Only 1% are not at all confident.
Respondents were also asked to share their top app security tactics. On a scale of one to five, implementing strong authentication and access controls came out on top (4.38), closely followed by implementing and enforcing secure coding practices (4.35) and regularly applying security patches and updates in application dependencies (4.2). Monitoring and logging application activities for security incidents was rated at 3.99, with the fifth most popular tactical security measure being performing automated security scanning and testing (3.52).
Regulatory Requirements
The need to adhere to regulatory or industry requirements was noted by just under 55%, with the most prevalent being GPDR at almost 70% (with that figure rising to 95% in the UK and Europe and dropping to 45% in the US), followed by ISO27001, PCI DSS and internal compliance standards (each around 20%). In addition, approximately a quarter of UK and European PHP users mentioned the EU e-privacy directive.
When asked how well all global respondents are doing in meeting all their various compliance and regulatory needs, the majority are confidence: 57% very confident, 17% extremely confident, and 22% somewhat confident. Those not at all confident accounted for a mere 0.39%.
End of Life
PHP professionals also shared which versions of PHP they use, with an average of 2.43 different ones. The majority have completed one migration during the previous 12 months and almost 70% are planning another during 2024. PHP 8.2 was the most used version, at just over 57%, followed by PHP 9.1 (almost 54%), PHP 8 (46%), and PHP 7.4 (almost 48%). Even older versions are still in action.
That almost 55% are still working with at least one end-of-life (EOL) PHP version is a cause for concern since EOL software — if not supported — presents a genuine security risk. Among teams that indicated a lack of confidence in their PHP applications' security, over 70% also use EOL versions. While a significant risk, this deferring migration is understandable, though clearly not recommended. Migration takes effort and brings its challenges, with the top two migration pain points being refactoring and testing, each of these mentioned by approximately 37%.
Insight into PHP's Usage
Respondents were also asked about what types of PHP apps they build or deploy, and the answers varied, reflecting the diversity and flexibility of PHP's uses. Services or APIs took the top spot at 78%, followed by internal business applications at just over 64%. Content management was cited by 45%, e-commerce by just under 36%, and CRM/ERM and mobile backends were both mentioned by just under 30% of users.
Respondents were also asked what types of systems their PHP applications integrate with, and unsurprisingly, almost 95% quoted relational databases. Web APIs were the next most common selection, at just under 80%, with file systems taking third place at 70%. In addition, other categories, such as key-value storage, search services, and cache services, continued their year-on-year growth.
Where users deploy their PHP applications varies, and they may have several destinations. There is a fairly even split between cloud and on-premise, with the latter at just under 50%. That figure rises for larger organizations (64%) compared to just over 45% for smaller companies. This is a reversal of the report's findings in the past few years, indicating that many are returning on-premises.
Top Priorities
The survey also looked at users' PHP priorities. Over 42% spend three-quarters of their time developing new features and a quarter on application maintenance. A further 28% split their time fairly evenly between maintenance and feature development. Overall, the survey found that around 85% are spending their time developing new features. While this is encouraging, reducing their maintenance and migration burden in the future could make even better use of their capacity and skills.
Regardless, the report's finding make it clear that without doubt PHP is alive and kicking and, despite some challenges — including security, compliance and EoL software — it continues to evolve and mature, earning its place across multiple areas within today's organizations.
Industry News
August 08, 2024
Progress announced that Progress® Sitefinity Insight® customer data platform (CDP) has been certified by the Customer Data Platform (CDP) Institute as a RealCDP™ for meeting specific standards and capabilities that are essential for managing and utilizing customer data effectively.
August 08, 2024
Broadcom announced the latest addition to its ValueOps® by Broadcom value stream management (VSM) platform.
August 07, 2024
CloudBees has acquired Launchable in a move to ensure it offers the broadest GenAI optimization of any DevSecOps platform.
August 07, 2024
ArmorCode announced the general availability of AI Remediation in the ArmorCode ASPM Platform to help resolve security issues faster, put security expertise in the hands of developers, and reduce DevSecOps friction.
August 07, 2024
Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches.
August 06, 2024
Cequence introduced advancements to its Unified API Protection (UAP) platform, specifically tailored to support the secure use of AI applications like Generative AI and Large Language Models (LLMs).
August 06, 2024
Contrast Security introduced Application Detection and Response (ADR).
August 06, 2024
Apiiro introduced Risk Detection at Design Phase, a new, AI-driven capability that automatically analyzes feature requests to identify risks and proactively initiate security reviews or threat models at the earliest stage of the application development lifecycle.
August 06, 2024
AttackIQ announced the launch of testing aligned with the Digital Operational Resilience Act (DORA).
August 05, 2024
Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company, announced the general availability of Amazon Q, the most capable generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies' internal data.
August 05, 2024
Elastic announced the Elasticsearch vector database now stores and automatically chunks embeddings from mistral-embed, with native integrations to the Open Inference API and the semantic_text field.
August 05, 2024
Anaconda announced the public beta release of Anaconda Code within its Anaconda Toolbox for Excel.
August 05, 2024
Exiger announced the acquisition of software supply chain risk visibility platform aDolus Technology Inc.
August 01, 2024
Progress announced the launch of Progress® Chef® Courier™, an innovative product designed to streamline, automate and optimize job orchestration across the entire enterprise software infrastructure.
