PHP vs ColdFusion Security Concerns

[Jim Pardonek <jpardonek () LUC EDU>]

Greetings,
 
Although this may be slightly off topic,  I was hoping that maybe some of you might know or have someone to talk to 
that could shed some light on this.
 
Our server-side scripting Technical Advisory Committee is looking at 2 products as choice finalists.  The choices are 
PHP and ColdFusion.  I looking to see if there are any security concerns with either one of those technologies that 
might sway us in one direction or the other. 
 
We know that ColdFusion has a means to automatically check for updates and security advisories, whereas PHP updates are 
an entirely manual process; also, we speculated that PHP, due to its significantly larger developer base, has a higher 
adoption rate which might translate to it being targeted more frequently.  What we don't have, though, is a clear idea 
of whether or not those two things translate to actual security issues in the real world.
 
Do you have an opinion on the matter, or access to any resources that might be able to indicate a clear advantage of 
one technology vs the other?  Please let me know.
 
Thanks!
 
Jim Pardonek
 
 
 
James Pardonek, CISSP, CEH
Information Security Officer
Loyola University Chicago 
1032 W. Sheridan Road | Chicago, IL  60660

(: (773) 508-6086