PHP developer Stefan Esser has said he will go ahead with plans to disclose dozens of security flaws in PHP in March, hitting back at criticism that the “Month of PHP bugs” project is nothing more than dangerous, self-serving publicity. The problem isn’t irresponsible disclosure, but the sluggishness of the PHP team in fixing serious problems, Esser contended. He has first-hand experience with the PHP security process having created both the Hardened-PHP Project and the PHP Security Response Team, which he left acrimoniously in December.
Original post by Forum of Incident Response and Security Teams - Daily Security News
Posted on Thursday, February 22nd, 2007 at 4:29 pm and under category News, PHP.
You can read any responses through the RSS 2.0 feed.
You can give a response, or trackback from your site.