December 15, 2006 at 01:41Security Expert Leaves PHP Team
Identifying security issues, Stefan Esser announced his resignation from the PHP security team, saying he had lost faith in the ability to resolve PHP security problems from within.
Indeed, security problems in PHP have been fixed for a very long time (in the current CVS tree there are fixes for security problems that users have been waiting for 6 months), they are not given priority attention. The issues raised by Stefan Esser were simply ignored by the PHP security team. Often error correction led to the appearance of new errors.
It is noteworthy that Stefan does not stop researching PHP problems, it only changes the principle of work, before he immediately reported errors to developers and waited until the error was fixed before publicly publishing the information. Now he will publish the results of his research, despite the presence of corrections in PHP.
Taken from ENT
upd: A look at the situation from the inside . Thanks long
Indeed, security problems in PHP have been fixed for a very long time (in the current CVS tree there are fixes for security problems that users have been waiting for 6 months), they are not given priority attention. The issues raised by Stefan Esser were simply ignored by the PHP security team. Often error correction led to the appearance of new errors.
It is noteworthy that Stefan does not stop researching PHP problems, it only changes the principle of work, before he immediately reported errors to developers and waited until the error was fixed before publicly publishing the information. Now he will publish the results of his research, despite the presence of corrections in PHP.
Taken from ENT
upd: A look at the situation from the inside . Thanks long