Month of PHP bugs gets rolling

Eleven flaws in five days.

Developer Stefan Esser has launched his Month of PHP Bugs project with 11 bugs in five days, including an old flaw reintroduced in a new version of PHP and several known bugs he says are unlikely ever to be fixed.

Esser and his collaborators published eight flaws in the first three days of the month, followed by another three on Sunday and Monday. Unlike similar, but unconnected, projects such as the Month of Kernel Bugs and the Month of Apple Bugs, "we do not enforce a one-vulnerability-per-day limit upon ourselves," Esser wrote on the site.

The project is designed to force PHP developers to improve security, and Esser kept up a steady stream of criticism of the way PHP security is handled. The three bugs published on the project's first day are those "that are already known but are not yet or will never be fixed", he said.

A cross-site scripting flaw, bug number eight, was disclosed in October 2005, fixed, but then reintroduced in PHP 4.4.3, Esser said.

The project focuses on the PHP standard distribution, but Esser included two "bonus" bugs that affect the Zend Platform, which runs on a web server, monitoring PHP applications and reporting on performance and possible problems.

Zend, which sponsors PHP development, has criticised Esser for his aggressive attitude toward PHP developers, but Esser said others have been supportive, with several developers volunteering their own zero-day flaws for publication.

"The reaction has been quite positive so far," he wrote in a blog post.


