It seems that Esser’s initiative to disclose one PHP vulnerability each day during March 2007 is unpopular among core PHP developers, especially for Zeev Suraski, co-creator of PHP and chief technology officer of Zend, which manages PHP development.

The other day I attended a meeting where I got hit by a new concept .It is the unfortunate brainchild of the new age of risk management and compliance obsession. So it goes like this : Compliance = Vulnerability.