Main Nav

Although this may be slightly off topic,  I was hoping that maybe some of you might know or have someone to talk to that could shed some light on this.
Our server-side scripting Technical Advisory Committee is looking at 2 products as choice finalists.  The choices are PHP and ColdFusion.  I looking to see if there are any security concerns with either one of those technologies that might sway us in one direction or the other. 
We know that ColdFusion has a means to automatically check for updates and security advisories, whereas PHP updates are an entirely manual process; also, we speculated that PHP, due to its significantly larger developer base, has a higher adoption rate which might translate to it being targeted more frequently.  What we don't have, though, is a clear idea of whether or not those two things translate to actual security issues in the real world.
Do you have an opinion on the matter, or access to any resources that might be able to indicate a clear advantage of one technology vs the other?  Please let me know.
Jim Pardonek
James Pardonek, CISSP, CEH
Information Security Officer
Loyola University Chicago 
1032 W. Sheridan Road | Chicago, IL  60660

: (773) 508-6086