Pádraic Brady:
Publishing Security Disclosures In Consumable Formats
May 16, 2013 @ 09:03:59

Pádraic Brady has a new post today proposing that what the PHP ecosystem needs is a way to better publish security disclosures in a format that's easy to parse and deal with.

This is a branch off from a separate discussion on the PHP-FIG mailing list about other ways the Framework Interoperability Group can encourage and foster wider interoperability among its member projects (and by extension, the whole PHP community). I'll start by noting two interesting developments in recent months and one long-standing best practice.

The two "interesting developments" he mentions are the relatively recently released SensioLabs Security Checker, which uses your Composer file to find known security issues in your dependencies, and the new entry in the latest version of the OWASP Top 10 list, "Using Components with Known Vulnerabilities". The best practice he talks about is the timely, responsible disclosure of vulnerabilities, and he argues that decentralized tracking of these issues (each project publishing its own disclosures in a machine-readable format that tools can aggregate) would put the responsibility back on the developers of the tool rather than on a single central tracking resource.

Link: http://blog.astrumfutura.com/2013/05/publishing-security-disclosures-in-consumable-formats-for-simpler-aggregation-and-security-checking

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework