A new post on Chris Shiflett's blog today points to an overview of a security architecture for PHP by Andrew van der Stock.
I think he clarifies many of the things he mentioned in his previous post, and he makes a statement that has been a guiding principle for me in my work on the Zend Framework:
"Of course, it is possible to write insecure programs in any language if you try hard enough. What I want is the easiest way is also the safest way."
I'm really glad to hear Andrew make this statement, because I think it's a simple but important goal - make the easiest way the safest way.
He also addresses the recent "security issues" talk that's been floating around the PHP community (see here and here) and notes that, considering the work he's doing on the Zend Framework, his personal focus is to make that as secure as possible, not the PHP core...