PHPDeveloper.org http://www.phpdeveloper.org Up-to-the Minute PHP News, views and community en-us Sun, 26 May 2013 02:19:26 -0500 30 <![CDATA[Zeev Suraski's Blog: PHP Security]]> http://www.phpdeveloper.org/news/6900 http://www.phpdeveloper.org/news/6900 To set things right about a misquote on Slashdot, Zeev Suraksi has posted this long statement mentioning what he really said and a few more personal opinions.

I've just been misquoted on Slashdot, as if I said there are no security problems in PHP itself, and that I instead point my finger only at inexperienced developers. If you read the original article on Heise Security, you'll see that I have not said anything of the sort. [...] I believe this is the belief of most others on the security team, but I'm only speaking on behalf of myself and do not represent them.

He also covers five more points pertaining to the article and the situation:

  • Where the bugs/problems lie with problems in PHP
  • Why there are security problems in web PHP applications
  • Why the current security level can be partially blamed on the language itself
  • An admission that yes, there are security problems in PHP
  • And the track record the PHP developers have had in fixing these issues
There's much more than just these brief highlights here, so I encourage you to head on over and check out the full post for yourself.

There are some other opinions on the matter from a few others out there too:

]]> Thu, 14 Dec 2006 15:36:38 -0600