Stefan Esser retires. He's an excellent security guy, but the Open Source community is often more like a religion than a software development house, and the one thing they can't abide is a heritic.
Saturday, December 9. 2006
Last night I finally retired from the PHP Security Response Team, that was initially my idea a few years ago.
The reasons for this are many, but the most important one is that I have realised that any attempt to improve the security of PHP from the inside is futile. The PHP Group will jump into your boat as soon you try to blame PHP's security problems on the user but the moment you criticize the security of PHP itself you become persona non grata. I stopped counting the times I was called immoral traitor for disclosing security holes in PHP or for developing Suhosin.
For the ordinary PHP user this means that I will no longer hide the slow response time to security holes in my advisories. It will also mean that some of my advisories will come without patches available, because the PHP Security Response Team refused to fix them for months. It will also mean that there will be a lot more advisories about security holes in PHP.
Posted by Stefan Esser in Security, PHP at 10:58
(
Subscribe to:
Post Comments (Atom)
3 comments:
Ho ho ho - a fellow I know on a mail list once wrote: "PHP is what Microsoft would invent if they were trying to clone Perl".
I am not enough of a coder to know if this is true or not - but it is funny.
hahaha.
I just mentioned your comment to a room full of developers, they all laughed and nodded.
All credit goes to a fellow named Peter Corlett.
Post a Comment