Month-o-Bugs


Brett_Tabke

6:46 pm on Mar 1, 2007 (gmt 0)




[securityfocus.com...]

Security guru Stefan Esser launched the Month of PHP Bugs (MoPB) on Thursday, promising to release at least one bug every day for the month of March.

coopster

8:27 pm on Mar 1, 2007 (gmt 0)




The interview [securityfocus.com] is interesting. Is it just me, or does Stefan seem to be saying in the interview that, on one hand, if you are running PHP you indeed need to be running his hardening patch, Suhosin? Yet, on the other hand, if you are wondering whether or not you should be Using Suhosin for hardening [webmasterworld.com] and read his FAQ, it does not imply that you need to use the patch.

It's going to be interesting to see how the developers react, if at all, to this.

dreamcatcher

8:51 pm on Mar 1, 2007 (gmt 0)




Is it me, or does this just seem like a case of sour grapes?

dc

coopster

9:17 pm on Mar 1, 2007 (gmt 0)




That is what some have stated but he denies that in the interview and in the FAQ on the web site. There is some frustration at the root, that is evident. He seems a very bright man. Without a response from the developers it is tough to gauge the relationship, tension, etc. That's why I was searching for a response. I don't imagine the mailing lists are going to offer much, I'm certain most discussion on the team is happening outside the public realm. Still, I hope some form of statement is issued.

jatar_k

9:17 pm on Mar 1, 2007 (gmt 0)




The language has come under scrutiny when Esser, a longtime developer, left the PHP Group's internal security team in December, criticizing its members for not responding quickly to security issues. Members of the PHP Group fired back at Esser, stating his reasons for leaving were less about security and more about not working together with the team.

hehe

I'll be interested to see what "bugs" he releases.

I'm with you, dc.

coopster

9:25 pm on Mar 1, 2007 (gmt 0)





"I do not believe the main reason for his disengagement has to do with the way we deal with security issues, but the way he interacted with other people on the team," said Zeev Suraski, co-chief technology officer for Zend.

PHP security under scrutiny [securityfocus.com]

Quite the opposite of what Esser is stating in the news release cited earlier.

coopster

7:34 pm on Mar 2, 2007 (gmt 0)




I'm certain most discussion on the team is happening outside the public realm.

Yep, a while ago. On their personal blogs. This has been brewing for well over a year now. Unfortunately.

eelixduppy

8:09 pm on Mar 5, 2007 (gmt 0)



Don't forget to check for more bug updates: [php-security.org...]