The PHP Landscape in 2024 - and the Growing Need to Consider Security and Compliance
July 09, 2024

Stephen Feloney
Perforce Software

The latest annual PHP Landscape report from Zend by Perforce provides insight into how PHP is being deployed and used, and also examines challenges such as managing end of life EOL software, and scrutiny of the 572 global respondents' concerns around and plans for security and compliance.

For example, respondents were asked about their confidence that their PHP applications are secure. On average, over half are very confident, 27% saying they are somewhat confident and just over 18% saying they are extremely confident. Only 1% are not at all confident.

Respondents were also asked to share their top app security tactics. On a scale of one to five, implementing strong authentication and access controls came out on top (4.38), closely followed by implementing and enforcing secure coding practices (4.35) and regularly applying security patches and updates in application dependencies (4.2). Monitoring and logging application activities for security incidents was rated at 3.99, with the fifth most popular tactical security measure being performing automated security scanning and testing (3.52).

Regulatory Requirements

The need to adhere to regulatory or industry requirements was noted by just under 55%, with the most prevalent being GPDR at almost 70% (with that figure rising to 95% in the UK and Europe and dropping to 45% in the US), followed by ISO27001, PCI DSS and internal compliance standards (each around 20%). In addition, approximately a quarter of UK and European PHP users mentioned the EU e-privacy directive.

When asked how well all global respondents are doing in meeting all their various compliance and regulatory needs, the majority are confidence: 57% very confident, 17% extremely confident, and 22% somewhat confident. Those not at all confident accounted for a mere 0.39%.

End of Life

PHP professionals also shared which versions of PHP they use, with an average of 2.43 different ones. The majority have completed one migration during the previous 12 months and almost 70% are planning another during 2024. PHP 8.2 was the most used version, at just over 57%, followed by PHP 9.1 (almost 54%), PHP 8 (46%), and PHP 7.4 (almost 48%). Even older versions are still in action.

That almost 55% are still working with at least one end-of-life (EOL) PHP version is a cause for concern since EOL software — if not supported — presents a genuine security risk. Among teams that indicated a lack of confidence in their PHP applications' security, over 70% also use EOL versions. While a significant risk, this deferring migration is understandable, though clearly not recommended. Migration takes effort and brings its challenges, with the top two migration pain points being refactoring and testing, each of these mentioned by approximately 37%.

Insight into PHP's Usage

Respondents were also asked about what types of PHP apps they build or deploy, and the answers varied, reflecting the diversity and flexibility of PHP's uses. Services or APIs took the top spot at 78%, followed by internal business applications at just over 64%. Content management was cited by 45%, e-commerce by just under 36%, and CRM/ERM and mobile backends were both mentioned by just under 30% of users.

Respondents were also asked what types of systems their PHP applications integrate with, and unsurprisingly, almost 95% quoted relational databases. Web APIs were the next most common selection, at just under 80%, with file systems taking third place at 70%. In addition, other categories, such as key-value storage, search services, and cache services, continued their year-on-year growth.

Where users deploy their PHP applications varies, and they may have several destinations. There is a fairly even split between cloud and on-premise, with the latter at just under 50%. That figure rises for larger organizations (64%) compared to just over 45% for smaller companies. This is a reversal of the report's findings in the past few years, indicating that many are returning on-premises.

Top Priorities

The survey also looked at users' PHP priorities. Over 42% spend three-quarters of their time developing new features and a quarter on application maintenance. A further 28% split their time fairly evenly between maintenance and feature development. Overall, the survey found that around 85% are spending their time developing new features. While this is encouraging, reducing their maintenance and migration burden in the future could make even better use of their capacity and skills.

Regardless, the report's finding make it clear that without doubt PHP is alive and kicking and, despite some challenges — including security, compliance and EoL software — it continues to evolve and mature, earning its place across multiple areas within today's organizations.

Stephen Feloney is VP of Products - Continuous Testing at Perforce Software
Share this

Industry News

July 25, 2024

Backslash Security introduced its Fix Simulation and AI-powered Attack Path Remediation capabilities.

July 25, 2024

Check Point® Software Technologies Ltd. announced the appointment of Nadav Zafrir as Check Point Chief Executive Officer.

July 25, 2024

Sonatype announced that Sonatype SBOM Manager, its Enterprise-Class Software Bill of Materials (SBOM) solution, and its artifact repository manager, Nexus Repository, are now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).

July 24, 2024

Broadcom unveiled the latest updates to VMware Cloud Foundation (VCF), the company’s flagship private cloud platform.

July 24, 2024

CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists.

July 24, 2024

Zesty announced the launch of its Insights and Automation Platform.

July 23, 2024

Progress announced the availability of Progress® MarkLogic® FastTrack™, a UI toolkit for building data- and search-driven applications to visually explore complex connected data stored in Progress® MarkLogic® platform.

July 23, 2024

Snowflake will host the Llama 3.1 collection of multilingual open source large language models (LLMs) in Snowflake Cortex AI for enterprises to easily harness and build powerful AI applications at scale.

July 23, 2024

Secure Code Warrior announced the availability of SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit.

July 23, 2024

GFT launched AI Impact, a new solution that leverages artificial intelligence to eliminate technical debt, increase developer efficiency and automate critical software development processes.

July 23, 2024

Code Metal announced a $13M seed, led by Shield Capital.

July 22, 2024

Atlassian Corporation has achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status and is now listed on the FedRAMP marketplace.

July 18, 2024

Mission Cloud announced the launch of Mission Cloud Engagements - DevOps, a platform designed to transform how businesses manage and execute their AWS DevOps projects.

July 18, 2024

Accelario announces the release of its free TDM solution, including database virtualization and data anonymization.