Menu
PHP bug hunter silences his critics with security project

PHP bug hunter silences his critics with security project

Month of PHP bugs nets 41 security flaws in source code; hunter satisfied

PHP bug hunter Stefan Esser says he feels vindicated after his successful Month of PHP Bugs project which ran through March.

The project, which aimed to highlight flaws in the PHP source code, uncovered 44 bugs, although Esser said the real number was 41, because three bugs were not in PHP code itself. These, he said, were a "bonus".

Esser copped a lot of flak ahead of, and during, his Month of PHP bugs project.

Many critics in blogsphere claimed the project was an act of revenge against the PHP community which Esser was once close to.

Esser, who was a founder of the PHP Security Response Team, left the group amid much acrimony in December 2006. He said his main bone of contention with the group lay in the righteous view its members had of the PHP source code, and what he believed was their protection of insecure code.

In light of his criticisms of the PHP source code, Esser went about organizing the MOPG, which he said was a "concentrated audit" of bugs. "I have been doing bug hunting in PHP for years now. Only this time I collected the bugs and released them in a more dramatic way than I usually do," he said.

"The outcome is that I proved that there is substance behind things I claim, which is quite uncommon in PHP security where most is just marketing talk," he said. "I have especially demonstrated that my claims that PHP developers reintroduce bugs or never fix them correctly or introduce new vulnerabilities with security fixes are valid."

Esser said he did not know if there will be a 'Return of the MOPB'.

"But yes, I will continue to uncover vulnerabilities in PHP and develop protections against those vulnerabilities," he said.

"I have been doing this for six years and I do not plan to stop. I still have more PHP vulnerabilities in my pocket."

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Upcoming

Slideshows

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

VMware's sponsors and partners used the opportunity at VMworld 2015 to showcase some of their technologies. At an exhibition hall, these vendors educated those that popped by their stands on these solutions and addressed some of the issues surrounding mobility, datacentres, and the Cloud. SOme of the big names there included f5, Palo Alto Networks, HP, Intel, Samsung, and Symantec.

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)
IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

VMware has kicked off VMworld 2015 in San Francisco and the first day saw keynotes from its president and CEO, Carl Eschenbach; executive vice-president and general manager, Bill Fathers; and executive vice-president and general manager of SDDC, Raghu Raghuram; amongst others. VMware also made Cloud-related announcements and demonstrated its latest technology.

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments