Friday, December 15, 2006

Are Open Sores Security Problems Growing?

If you're using PHP, you should be concerned...no...VERY concerned about this news. Stefan Esser has quit as a member of the PHP Security Response Team (reported here). The most disturbing part of this is what Esser says (from his blog),
"The reasons for this are many, but the most important one is that I have realised that any attempt to improve the security of PHP from the inside is futile. The PHP Group will jump into your boat as soon you try to blame PHP's security problems on the user but the moment you criticize the security of PHP itself you become persona non grata. I stopped counting the times I was called immoral traitor for disclosing security holes in PHP..."
Esser further states that the security team has refused to fix several problems for months. It appears the PHP security problems will get much worse before they get better...if ever.

This is part of the problem I've talked about for several years: that Microsoft products will become more secure than Open Sores, despite the Open Sores Community's statement that more people are looking at the code so you'll discover and fix more problems. Egos are getting in the way of making PHP better here. Will this become a trend and move to other Open Sores products? Time will tell.
