Friday, March 02, 2007

Month Of PHP Bugs

Stefan Esser from php-security.org has declared war on vulnerabilities in the PHP core with the "Month of PHP Bugs" or MOPB. During March 2007, theres already five vulnerabilities are in a list, also with some proof of concept "exploit" code provided, esser stated that this because on the one hand some people do not believe that a vulnerability is exploitable (maybe because their attempts failed) and on the other hand the lack of exploit code that tests for a certain vulnerability is the major reason why PHP vulnerabilities are sometimes not correctly fixed or why the same bugs are later reintroduced.

Esser stressed, that this initiative is as an effort to improve the security of PHP. However it wont concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core.

MOPB Are not cover PHP applications vulnerabilities.
"If you want a month of PHP application bugs you can subscribe to the bugtraq or full-disclosure mailinglists. Our initiative concentrates on bugs in the PHP standard distribution. However we might add some bonus bugs in software related to PHP but not PHP applications."- esser stated
Meanwhile, In the same time (March, 1st 2007) The PHP development team announce the immediate release of PHP 4.4.6, see the Changelog for details,

PHP is a popular and widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML, you can see how popular it is.


source: http://www.php.net/usage.php

No comments:

Post a Comment