Developer Stefan Esser has launched his Month of PHP Bugs project with 11 bugs in five days, including an old flaw reintroduced in a new version of PHP and several known bugs he says are unlikely ever to be fixed.
Esser and his collaborators published eight flaws in the first three days of the month, followed by another three on Sunday and Monday. Unlike similar, but unconnected, projects such as the Month of Kernel Bugs and the Month of Apple Bugs, "we do not enforce a one-vulnerability-per-day limit upon ourselves," Esser wrote on the site.
The project is designed to force PHP developers to improve security, and Esser kept up a steady stream of criticism of the way PHP security is handled. The three bugs published on the project's first day are those "that are already known but are not yet or will never be fixed", he said.
A cross-site scripting flaw, bug number eight, was disclosed in October 2005 and fixed, but was then reintroduced in PHP 4.4.3, Esser said.
The project focuses on the PHP standard distribution, but Esser included two "bonus" bugs that affect the Zend Platform, which runs on a web server, monitoring PHP applications and reporting on performance and possible problems.
Zend, which sponsors PHP development, has criticized Esser for his aggressive attitude toward PHP developers, but Esser said others have been supportive, with several developers volunteering their own zero-day flaws for publication.
"The reaction has been quite positive so far," he wrote in a blog post.