Security expert Stefan Esser has declared war on vulnerabilities in the PHP core with the “Month of PHP Bugs.” PHP is an open-source HTML embedded scripting language used to create dynamic Web pages. The month-long effort is an attempt to improve the security of PHP, Esser said in a post on his Web site. It follows his contentious departure in December from the PHP Security Response Team, which he founded, after he accused The PHP Group of being too slow to fix problems.
Esser stressed, however, that he is not striking back at his old colleagues but is addressing legitimate security issues. “During March 2007, old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day-by-day basis,” he wrote. “We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team.”
PHP, Vulnerability, Bugs