This one time, at band camp, Gadi Evron <ge@xxxxxxxxxxxx> wrote: > 3. Staying on top of new PHP vulnerabilities has become impossible, > popping around everywhere. What vulnerabilities in PHP? Are implying the fault is within the language itself? This is akin to saying C has vulnerabilites because some script kiddie wrote a poor application. > > 4. Determining how secure a PHP application is, looking at the code and > for how silly past vulnerabilities were (i.e. looking at the coder > rather than the code) is now more important than the actual application. As with all web based technologies, security should be the foundation of the application > Much like their self criticism said, PHP needs to grow to a far more > secure language, much like we need to chose more carefully what PHP > software we use. Which self critism is this? > > Some of us have been joking for a while about creating a script to > choose from different paragraph we create, and email bugtraq > re-assembling the randomly with a new PHP bug and a random PHP > application name every few hours. Would any of us be able to readily > tell the difference? Perhaps we can do the same for linux kernel problems and blame it on C? Kind regards Kevin -- "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote."
