Will drew our attention to an interesting read in Stefan Esser's blog. It's about his resignation from the PHP Security Response Team. It's interesting to note that he both discovered and reported about PHP vulnerabilities in the past.
It seems the bottom line will be that we can expect some changes in how vulnerabilities in PHP are going to be handled in the future. It might include advisories about vulnerabilities without there being patches available. It might also mean an increase in the number of reported vulnerabilities.
Anyway it'll be worth it to add his PHP security blog to your routine if you need to know about PHP vulnerabilities.
Announcements about security vulnerabilities in widely deployed open source software without the matching patch is a very dangerous situation, so we hope this doesn't escalate too far.
Dec 12th 2006
1 decade ago