Month of PHP Bugs Begins
By Brian Prince | Posted 2007-03-01
The former PHP Security Response Team member says the planned month of vulnerability disclosures is an effort to improve security for the open-source scripting language.
Security expert Stefan Esser has declared war on vulnerabilities in the PHP core with the "Month of PHP Bugs." PHP is an open-source, HTML-embedded scripting language used to create dynamic Web pages.
The month-long effort is an attempt to improve the security of PHP, Esser said in a post on his Web site.
It follows his contentious departure in December from the PHP Security Response Team, which he founded, after he accused The PHP Group of being too slow to fix problems.
Esser stressed, however, that he is not striking back at his old colleagues but is addressing legitimate security issues.
"During March 2007, old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day-by-day basis," he wrote. "We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team."
Esser pledged to publicize at least one bug per day in March, and he kicked off the campaign by listing three: a PHP Variable Destructor Deep Recursion Stack Overflow, a PHP Executor Deep Recursion Stack Overflow and a PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability.