Month of PHP Bugs Begins

By Brian Prince  |  Posted 2007-03-01 Print this article Print

The former PHP Security Response Team member says the planned month of vulnerability disclosures is an effort to improve security for the open-source scripting language.

Security expert Stefan Esser has declared war on vulnerabilities in the PHP core with the "Month of PHP Bugs." PHP is an open-source HTML embedded scripting language used to create dynamic Web pages.

The month-long effort is an attempt to improve the security of PHP, Esser said in a post on his Web site.

It follows his contentious departure in December from the PHP Security Response Team, which he founded, after he accused The PHP Group of being too slow to fix problems.

Zend Technologies moves to boost PHP usage. Click here to read more.

Esser stressed, however, that he is not striking back at his old colleagues but is addressing legitimate security issues.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.

"During March 2007, old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day-by-day basis," he wrote. "We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team."

Esser pledged to publicize at least one bug per day in March, and he kicked off the campaign by listing three: a PHP Variable Destructor Deep Recursion Stack Overflow, a PHP Executor Deep Recursion Stack Overflow and a PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.