To set things right about a misquote on Slashdot, Zeev Suraksi has posted this long statement mentioning what he really said and a few more personal opinions.
I've just been misquoted on Slashdot, as if I said there are no security problems in PHP itself, and that I instead point my finger only at inexperienced developers. If you read the original article on Heise Security, you'll see that I have not said anything of the sort. [...] I believe this is the belief of most others on the security team, but I'm only speaking on behalf of myself and do not represent them.
He also covers five more points pertaining to the article and the situation:
- Where the bugs/problems lie with problems in PHP
- Why there are security problems in web PHP applications
- Why the current security level can be partially blamed on the language itself
- An admission that yes, there are security problems in PHP
- And the track record the PHP developers have had in fixing these issues
There are some other opinions on the matter from a few others out there too: