Stefan Esser verläßt "PHP Security Response Team"
Stefan Esser, bekannter Autor unzähliger Security-Advisories (nicht nur) zur Skriptsprache PHP (von denen auch dieses Blog durchaus schon betroffen war) sowie Mitbegründer des Hardened PHP Projektes, zieht sich vom “PHP Security Response Team” zurück:
Last night I finally retired from the PHP Security Response Team, that was initially my idea a few years ago.
The reasons for this are many, but the most important one is that I have realised that any attempt to improve the security of PHP from the inside is futile. The PHP Group will jump into your boat as soon you try to blame PHP’s security problems on the user but the moment you criticize the security of PHP itself you become persona non grata.
The reasons for this are many, but the most important one is that I have realised that any attempt to improve the security of PHP from the inside is futile. The PHP Group will jump into your boat as soon you try to blame PHP’s security problems on the user but the moment you criticize the security of PHP itself you become persona non grata.
In Zukunft möchte Esser keine Rücksicht mehr auf die in seinen Augen zu behäbige Reaktionszeit bei gefundenen Sicherheitslücken nehmen und diese unabhängig von der Verfügbarkeit von Patches veröffentlichen. “It will also mean that there will be a lot more advisories about security holes in PHP.”
Update 20061213:
Auch Heise berichtet: Sicherheitsspezialist verlässt resigniert PHP-Security-Team.
Via Kanalmitinsasse und Rubyevangelist Bjoern.
php blog
24 Okt 2008
http://www.phphatesme.com/archives/780