March To Be Month of PHP Bugs

PHP writes "Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). During an interview with SecurityFocus he announced the upcoming Month of PHP bugs initiative in March." Quoting: "We will disclose different types of bugs, mainly buffer overflows or double free (/destruction) vulnerabilities, some only local, but some remotely triggerable... Additionally there are some trivial bypass vulnerabilities in PHP's own protection features... As a vulnerability reporter you feel kinda puzzled how people among the PHP Security Response Team can claim in public that they do not know about any security vulnerability in PHP, when you disclosed about 20 holes to them in the two weeks before. At this point you stop bothering whether anyone considers the disclosure of unreported vulnerabilities unethical. Additionally a few of the reported bugs have been known for years among the PHP developers and will most probably never be fixed. In total we have more than 31 bugs to disclose, and therefore there will be days when more than one vulnerability will be disclosed."

So, PHP means ?

[Rastignac]

Public Holes Publication, isn't it ? ;)

Huh

[Anonymous Coward]

I thought every month was PHP Bugs month?

Re:great...

[julesh]

Yep. This is going to be fun^Wannoying.

i suggest for next month

[Anonymous Coward]

month of PCP bugs. i see them all over my skin and i can't scratch them off! SOMEONE HELP ME

Wait...

[kahei]

Only a month?

Ha ha, yes, thank you, I'll be here all week, bringing predictable yet mildly amusing banter. In fact, I'll be here all year. The whole of my life, probably. *breaks down and cries*

Re:great...

[elrous0]

Hey, my un-fashionable use of Perl finally pays off!

[Ducks down and hopes next month isn't the "31 days of Perl Bugs"]

-Eric

Coming in April

[bill_mcgonigle]

"Month of Shooting Fish In a Barrel"

At least the Month of Apple Bugs was a hard target to go after.

Re:great...

[Joebert]

Hi kids! Would you like to script this? (Yeah yeah yeah!)
Wanna see me shoot chocolate milk from each one of my eyelids? (Uh-huh!)
Wanna copy this and paste exactly like I did? (Yeah yeah!)
Try the wrong CID and get fucked up worse that my code is? (Huh?)
My mouse's dead weight, I'm tryin to get my story straight
but I can't figure out which Administrator I want to impersonate (Ummmm..)
And Dr. Phil said, "Failure is no accident."
Uh-huhhh! "Then why's your hands red? Man you busted!"
Well at age twelve, I learned HTML
Hacked my robodog to fetch the paper while I sit here in my shell
Got pissed off and organized a massive DDoS
Smacked the web so hard people lost their job at Bluefrog
I pay a crackhead to mow my grass
Hacking my mower would still require me to go get gas !
C'mere slut! (hey wait a minute, that's my goat dog!)
I don't give a fuck, naggin bitches just piss me off !

Re:So, PHP means ?

[daeg]

Don't you mean \\\\\\\\\'magic quotes\\\\\\\\\'?