Without knowing the OS and patch version number, whether or not a company uses PHP 5.3 is completely irrelevant to how secure they are.<p>Ubuntu 12.04 LTS ships with PHP 5.3.10, and has been backporting security fixes since the PHP project EOL'd it. This will continue until April 2017.<p>RHEL 6 and CentOS 6 both support PHP 5.3.3, and will continue to do so for the remainder of their impressively long support cycle, until November 2020.<p>There's been a lot of FUD about outdated PHP versions going around in some circles, and I'm frankly very annoyed by it. Free and open-source software aren't like Windows XP. The original developer(s) announced EOL, so what? I'm under no obligation to get my PHP interpreter from the original developer(s), I get it from Red Hat and/or Canonical.<p>The whole point of having a stable Linux distribution is so that you can stop worrying about upstream EOL issues. Heck, RHEL/CentOS have even been backporting security fixes for PHP 5.1.6, not that any sane person would want to use that dinosaur of a version.<p>Some of the hosts on that list, however, are indeed using dangerously outdated PHP versions. Feel free to name and shame them.