Feeds

Month of PHP bugs project launches

Script down to the core

Top 5 reasons to deploy VMware with Tegile

Security researchers have begun a month-long project to highlight security flaws in PHP, the popular scripting language.

The "Month of PHP Bugs", which began last Thursday, promises a bug a day for the month of March from the folks behind the Hardened-PHP Project.

Unlike the earlier Month of Browser Bugs and Month of Apple Bugs projects, which inspired the PHP initiative, the Month of PHP bugs will feature both old and new bugs as part of the overall goal of raising awareness about PHP-related security issues. The project will focus on security flaws involving the PHP core, not programming errors that might result in insecure applications.

Eleven bugs have been detailed thus far as part of the project, which aims to shake up the way bugs in the scripting language are handled. The bugs involve a range of flaws of varying seriousness (from simple denial of service to remote exploitation) along with proof of concept exploit code, in most cases.

"This initiative is an effort to improve the security of PHP," Stefan Esser, a noted PHP security expert explains. "During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.