http://qs321.pair.com?node_id=11110743


in reply to Re: My promiscous singleton
in thread My promiscous singleton

Because it is a secure environment and I may not use any non-core modules, other than those I write...

I know, I know, but sometimes it's not worth the fight. And believe me, it would take months, if not years/forever, to get sign-off. But thanks for the common-sense answer.

Cheers,
R.

Pereant, qui ante nos nostra dixerunt!

Re^3: My promiscous singleton
by afoken (Chancellor) on Dec 30, 2019 at 09:32 UTC
    Because it is a secure environment and I may not use any non-core modules, other than those I write...

    Who came up with that nonsense idea? What makes core modules so special that they are suitable for a "secure" environment, but other modules from CPAN aren't? And what about that "insecure" CPAN modules that become core modules during the development of Perl? How do they suddenly become "secure"? Is the entire Perl source code subject to a code review?

    Or is "security" once more a lame excuse not to use CPAN? See also Re^4: CSV file with double quotes and NIH syndrome.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

      I think they consider Perl core to be well enough tested and reviewed by its widespread usage. The security team follow CVEs closely, and if any significant new vulnerability is found, patching it is the highest-priority work (for all software we use). Other random modules from CPAN are an unknown and would need to be reviewed in depth. I realise I am more likely to introduce a novel bug re-creating wheels, but it has the advantage of not being deployed outside this organisation, so it is less likely to be found and exploited. Another site I have worked at even removed most of the core modules. If you wanted one, you needed a good reason and a review before it could be used. This sort of approach is common in banks (at least in Europe), with regular audits and a high chance you get your marching orders if you use any non-approved software. Any novel software does get a lengthy review, including penetration testing, design reviews, etc... It's possible, but for something small like this it is quicker to write a new solution in house.

      Cheers,
      R.

      Pereant, qui ante nos nostra dixerunt!