PHP bug hunter silences his critics with security project

Month of PHP bugs nets 41 security flaws in source code; hunter satisfied

Howard Dahdah (ARN)
10 April, 2007 15:15
Comments

PHP bug hunter Stefan Esser says he feels vindicated after his successful Month of PHP Bugs project which ran through March.

The project, which aimed to highlight flaws in the PHP source code, uncovered 44 bugs, although Esser said the real number was 41, because three bugs were not in PHP code itself. These, he said, were a "bonus".

Esser copped a lot of flak ahead of, and during, his Month of PHP bugs project.

Many critics in blogsphere claimed the project was an act of revenge against the PHP community which Esser was once close to.

Esser, who was a founder of the PHP Security Response Team, left the group amid much acrimony in December 2006. He said his main bone of contention with the group lay in the righteous view its members had of the PHP source code, and what he believed was their protection of insecure code.

In light of his criticisms of the PHP source code, Esser went about organizing the MOPG, which he said was a "concentrated audit" of bugs. "I have been doing bug hunting in PHP for years now. Only this time I collected the bugs and released them in a more dramatic way than I usually do," he said.

"The outcome is that I proved that there is substance behind things I claim, which is quite uncommon in PHP security where most is just marketing talk," he said. "I have especially demonstrated that my claims that PHP developers reintroduce bugs or never fix them correctly or introduce new vulnerabilities with security fixes are valid."

Esser said he did not know if there will be a 'Return of the MOPB'.

"But yes, I will continue to uncover vulnerabilities in PHP and develop protections against those vulnerabilities," he said.

"I have been doing this for six years and I do not plan to stop. I still have more PHP vulnerabilities in my pocket."

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: ACT, HIS Limited

References show all

PHP Group accused of security incompetence

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

10 Essential Steps to Web Security

This short guide outlines 10 simple steps to best practice in web security. Follow them all to step up your organisation’s information security and stay ahead of your competitors. But remember that the target never stands still. Focus on the principles behind the steps – policy, vigilance, simplification, automation and transparency – to keep your information security bang up to date.

Featured Download

Lavasoft Ad-Aware Free

Ad-Aware Free has long been one of the most popular spyware killers on the planet, and with good reason. It's simple to use, does an ...

Zones

Most Popular Whitepapers

Process-Driven Master Data Management for Dummies

We wrote this book to introduce you to the subject of processdriven MDM. It’s a big topic, one that far outstrips the ability of a brief book to cover. However, our hope is that by reading this book you will gain a fundamental understanding of processdriven MDM, how it works, and what it takes to make it a success in your organisation.

Popular tags: Business Management, Data Centre, Security, Storage, Master Data Management

Latest Jobs

FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
CCSAP FICO ConsultantNT
CCSystem Engineer - Exchange - CONTRACTSWA
CCAvaya Engineer - ERS 8600 4.1NSW
FTChange Management ProfessionalsNSW
CCOBIEE ConsultantWA
FTSAP Basis ConsultantNSW
FTQM Trainer and ConsultantNSW
FTSenior Citrix EngineerNSW
FTSenior Citrix EngineerNSW
FTTechnical Services Engineer - ShoreTel/MitelVIC
CCSystem Engineer - Lync and Exchange - CONTRACTSWA
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTSAP Basis ConsultantACT
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTiPhone App DeveloperNSW
FTASP.NET Developer (Digital)NSW
FTiPhone Developer DeveloperNSW
FTiPhone App DeveloperNSW
FTIT Service Desk EngineerNSW
FTiPhone App DeveloperNSW
FTIT Service Desk EngineerNSW

Market Place

PHP bug hunter silences his critics with security project

Comments

Post new comment

Consider desktops in the cloud for BYOD

Spotify music streaming hits Australian shores

NSW Electorate Office transitions to IP telephony

Which tablet should I buy? iPad 2 vs Sony Tablet S

iPhone 5 rumour roll up for the week ending May 18

Monday Grok: Facebook IPO — not everyone’s as greedy as a Wall Street underwriter

NBN service plans won't cost consumers more: Conroy

Microsoft at a loss over Event Viewer scam

Stallman: If you want freedom don't follow Linus Torvalds

New MSN site updates users on topics trending on Twitter, Facebook

NBN to blow out by $400m: Turnbull

10 Essential Steps to Web Security

BPM Basics for Dummies

Oracle Business Intelligence and Data Warehousing From Storage to Scorecard

How will CIOs meet growing Security Threats?

Lavasoft Ad-Aware Free

Avaya Air Cover Zone

Application Lifecycle Management

HP Converged Storage Zone

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Process-Driven Master Data Management for Dummies

Business Intelligence Best Practices for Dashboard Design

A Data Center Fabric Is Critical to a Next-Generation Unified Data Center

Beverage Distributor Virtualises Data Centre: A case study

Learning To Compete: IT’s Next Transformation

Computerworld newsletter

Don't have an account?

PHP bug hunter silences his critics with security project

Comments

Post new comment

Computerworld newsletter