Techworld has a story about the ongoing conflict between Stefan Esser, founder of the PHP Security Response Team (which he recently left), and his former colleagues, who are accused of being careless, if not … security incompetent.
It seems that Esser’s initiative to disclose one PHP vulnerability each day during March 2007 is unpopular among core PHP developers, especially with Zeev Suraski, co-creator of PHP and chief technology officer of Zend, which manages PHP development.
I’m a strong believer in full disclosure and I really hope that Stefan’s security disclosures will benefit all of the Web Sec community.
I will keep a close eye on Stefan’s blog during March because you never know what bug the next day will unveil. Or maybe you know 🙂 So, what do you think: should all these security vulnerabilities be disclosed or not? (btw, PHP 5.2.1 fixed some, if not all, of these vulnerabilities)
This entry was posted on Wednesday, February 21st, 2007.