Month of PHP Bugs Begins

Security expert Stefan Esser has declared war on vulnerabilities in the PHP core with the “Month of PHP Bugs.” PHP is an open-source HTML embedded scripting language used to create dynamic Web pages.

The month-long effort is an attempt to improve the security of PHP, Esser said in a post on his Web site.

It follows his contentious departure in December from the PHP Security Response Team, which he founded, after he accused The PHP Group of being too slow to fix problems.

Zend Technologies moves to boost PHP usage. Click here to read more.

Esser stressed, however, that he is not striking back at his old colleagues but is addressing legitimate security issues.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet’s Security IT Hub.

“During March 2007, old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day-by-day basis,” he wrote. “We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team.”

Esser pledged to publicize at least one bug per day in March, and he kicked off the campaign by listing three: a PHP Variable Destructor Deep Recursion Stack Overflow, a PHP Executor Deep Recursion Stack Overflow and a PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK’s Security Watch blog.