Month of PHP bugs project launches
PrintScript down to the core
Posted in Software & Security, 5th March 2007 15:36 GMT
Free whitepaper – What Exchange can't do - and Dell can
Security researchers have begun a month-long project to highlight security flaws in PHP, the popular scripting language.
The "Month of PHP Bugs", which began last Thursday, promises a bug a day for the month of March from the folks behind the Hardened-PHP Project.
Unlike the earlier Month of Browser Bugs and Month of Apple Bugs projects, which inspired the PHP initiative, the Month of PHP bugs will feature both old and new bugs as part of the overall goal of raising awareness about PHP-related security issues. The project will focus on security flaws involving the PHP core, not programming errors that might result in insecure applications.
Eleven bugs have been detailed thus far as part of the project, which aims to shake up the way bugs in the scripting language are handled. The bugs involve a range of flaws of varying seriousness (from simple denial of service to remote exploitation) along with proof of concept exploit code, in most cases.
"This initiative is an effort to improve the security of PHP," Stefan Esser, a noted PHP security expert explains. "During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team." ®
Free whitepaper – Managing desktop software for fun and profit
The Register Agile Data Center Summit
What Exchange can't do - and Dell can
New storage architectures make SSDs more cost-effective
Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs