PHP vs. PHP. Live bugs every day during March

Techworld has a story about the ongoing conflict between Stefan Esser, founder of the PHP Security Response Team (which he recently left), and his former colleagues, who are accused of being careless, if not … security incompetent.

It seems that Esser’s initiative to disclose one PHP vulnerability each day during March 2007 is unpopular among core PHP developers, especially with Zeev Suraski, co-creator of PHP and chief technology officer of Zend, which manages PHP development.

I’m a strong believer in full disclosure and I really hope that Stefan’s security disclosures will benefit all of the Web Sec community.

I will keep a close eye on Stefan’s blog during March because you never know what bug the next day will unveil. Or maybe you know 🙂 So, what do you think: should all these security vulnerabilities be disclosed or not? (By the way, PHP 5.2.1 fixed some, if not all, of these vulnerabilities.)


