Security researchers have begun a month-long project to highlight security flaws in PHP, the popular scripting language.

The "Month of PHP Bugs", which began last Thursday, promises a bug a day for the month of March from the folks behind the Hardened-PHP Project.

Eleven bugs have been detailed thus far as part of the project, which aims to shake up the way bugs in the scripting language are handled. The bugs involve a range of flaws of varying seriousness (from simple denial of service to remote exploitation) along with proof of concept exploit code, in most cases.

"This initiative is an effort to improve the security of PHP," Stefan Esser, a noted PHP security expert explains. "During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team." ®

Related stories

• PHP takes aim at Radar (23 July 2007)
• LMH and InfoSec Sellout unmasked? (19 July 2007)
• Stob Unhelpful Microsoft help denies helpless millions help (8 March 2007)
• PHP security from the inside (7 February 2007)
• PHP apps: security's low-hanging fruit (11 January 2007)
• PHP security under scrutiny (21 December 2006)
• Building websites with PHP-Nuke (19 September 2006)
• Analysis Web vulns top security threat index (18 September 2006)
• Linux worm targets PHP flaw (20 February 2006)