Computerworld
Month of PHP bugs gets rolling
Eleven flaws already revealed in the first five days of the month
Matthew Broersma (Techworld.com)  06 March, 2007 08:50

Developer Stefan Esser has launched his Month of PHP Bugs project with 11 bugs in five days, including an old flaw reintroduced in a new version of PHP and several known bugs he says are unlikely ever to be fixed.

Esser and his collaborators published eight flaws in the first three days of the month, followed by another three on Sunday and Monday. Unlike similar, but unconnected, projects such as the Month of Kernel Bugs and the Month of Apple Bugs, "we do not enforce a one-vulnerability-per-day limit upon ourselves," Esser wrote on the site.

The project is designed to force PHP developers to improve security, and Esser kept up a steady stream of criticism of the way PHP security is handled. The three bugs published on the project's first day are those "that are already known but are not yet or will never be fixed", he said.

A cross-site scripting flaw, bug number eight, was disclosed in October 2005, fixed, but then reintroduced in PHP 4.4.3, Esser said.

The project focuses on the PHP standard distribution, but Esser included two "bonus" bugs that affect the Zend Platform, which runs on a web server, monitoring PHP applications and reporting on performance and possible problems.

Zend, which sponsors PHP development, has criticized Esser for his aggressive attitude toward PHP developers, but Esser said others have been supportive, with several developers volunteering their own zero-day flaws for publication.

"The reaction has been quite positive so far," he wrote in a blog post.

Computerworld Buyer's Guide - Vendors Matched to this Article
HAL Data Services , Dimension Data
More about HIS Limited, Apple

Comments

Post new comment

Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Have your say!
Add to Google
Computerworld Buyer's Guide - Vendors Matched to this Article
HAL Data Services , Dimension Data
Discussions on The Computerworld Forum
Whitepapers
white paper Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Zones
Zone logoZones provide focussed content from Computerworld and leading technology partners.
Newsletter Subscription
Newsletter Subscription
Sign up for our Computerworld newsletters!
RSS Feeds
Syndicate content
 

Computerworld Webinar

Thursday, June 11th, 2009
10:30am EST (Sydney, Australia)
Screening at your PC

Computerworld is hosting a 30 minute live webinar to help you to learn how unified communications can save you money, foster innovation and business agility by making it easier for people to find, reach and collaborate with one another.

Register Now

Most Popular
IT Media Releases
Most Popular Whitepapers
Computerworld Community Comments
Videos
Most Commented
Get a job Careerone
Whitepaper
Read Whitepaper

Data Center Eco-Nomics

Discover the pathway towards greener, more efficient operations. Learn how real customers are leveraging their green efforts to drive toward the dynamic data centre of the future. Click through to watch this webinar now.

Enterprise IT Buyer's Guide
Find Technology Vendors Fast
 
Find vendors by name | Find by category
Sponsored Links
 
Send Us E-mail | Privacy Policy
Features List | Media Kit | Advertising | Contact Us
Copyright 2009 IDG Communications. ABN 14 001 592 650. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.