Over on the SecurityFocus website, there's an interview posted with Stefan Esser of the Hardened-PHP Project (as interviewed by Federico Biancuzzi.
Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.
Some of the topics discussed include
- the Hardened-PHP Project
- Suhosin
- the PHP Security Response Team (his role in it and why he left)
- PHP5's security focus versus PHP4's
- and more...