Friday, December 15, 2006

PHP security team member gives up

Stefan Esser, PHP security specialist and member of the official PHP
Security Response Team, has, he says, had enough. In his blog he has
announced his immediate resignation from the PHP Security Response Team.


He says that he had stopped counting the number of times he was called a
traitor when he published a bug report on a vulnerability in PHP.


While Esser feels that certain PHP functions are intrinsically unsafe (for
example allow_url_fopen/allow_url_include) and should therefore be
revised, many developers, including PHP specialists Zend, think that the
security problems in PHP applications have simply been caused by
inexperienced programmers.


In his view it is also irresponsible to cease proper support for the PHP4

