PHP vs. PHP. Live bugs every day during March
Techworld has a story about the ongoing conflict between Stefan Esser, founder of the PHP Security Response Team (which he recently left), and his former colleagues, who are accused of being careless, if not … security incompetent.
It seems that Esser’s initiative to disclose one PHP vulnerability each day during March 2007 is unpopular among core PHP developers, especially with Zeev Suraski, co-creator of PHP and chief technology officer of Zend, which manages PHP development.
I’m a strong believer in full disclosure and I really hope that Stefan’s security disclosures will benefit all of the Web Sec community.
I will keep a close eye on Stefan’s blog during March because you never know what bug the next day will unveil. Or maybe you know.
So, what do you think: should all these security vulnerabilities be disclosed or not? (BTW, PHP 5.2.1 fixed some, if not all, of these vulnerabilities.)
Post Info
This entry was posted on Wednesday, February 21st, 2007 and is filed under Month Of PHP Bugs, Open Mike, Web Applications.

