Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zeev Suraski's Blog:
PHP Security
Dec 14, 2006 @ 15:36:38

To set things right about a misquote on Slashdot, Zeev Suraksi has posted this long statement mentioning what he really said and a few more personal opinions.

I've just been misquoted on Slashdot, as if I said there are no security problems in PHP itself, and that I instead point my finger only at inexperienced developers. If you read the original article on Heise Security, you'll see that I have not said anything of the sort. [...] I believe this is the belief of most others on the security team, but I'm only speaking on behalf of myself and do not represent them.

He also covers five more points pertaining to the article and the situation:

  • Where the bugs/problems lie with problems in PHP
  • Why there are security problems in web PHP applications
  • Why the current security level can be partially blamed on the language itself
  • An admission that yes, there are security problems in PHP
  • And the track record the PHP developers have had in fixing these issues
There's much more than just these brief highlights here, so I encourage you to head on over and check out the full post for yourself.

There are some other opinions on the matter from a few others out there too:

tagged: security misquote problem bug language developer problem security misquote problem bug language developer problem