Stefan Esser, who identified security-related issues, said he was leaving the PHP security team, stating that he had lost faith in the ability to solve PHP security problems from the inside.
Indeed, security problems in PHP take a very long time to be fixed (the current CVS tree contains fixes for security problems that users have been waiting on for 6 months), and they are not given priority attention. The problems raised by Stefan Esser were simply ignored within the PHP security team. Often, correcting one error led to the emergence of new ones.
It is noteworthy that Stefan is not going to stop researching PHP problems; he is only changing the way he works. Previously, he reported errors to the developers immediately and waited for them to be corrected before publishing the information. Now he will publish the results of his research regardless of whether corrections are available in PHP.
Taken from the ENT