
SANS Internet Storm Center (SANS ISC) InfoSec Forums

PHP security: the scene might change

Will drew our attention to an interesting read on Stefan Esser's blog. It's about his resignation from the PHP Security Response Team. It's interesting to note that he has both discovered and reported PHP vulnerabilities in the past.

It seems the bottom line will be that we can expect some changes in how vulnerabilities in PHP are going to be handled in the future. It might include advisories about vulnerabilities without there being patches available. It might also mean an increase in the number of reported vulnerabilities.

Either way, it will be worth adding his PHP security blog to your routine if you need to know about PHP vulnerabilities.

Announcing security vulnerabilities in widely deployed open source software without a matching patch creates a very dangerous situation, so we hope this doesn't escalate too far.

Swa Frantzen -- Section 66


Dec 12th 2006
