[News]Month of PHP Bugs

Month of PHP Bugs 开始了！

今天SE已经发布了第一弹

http://www.milw0rm.com/exploits/3394

接下来还有什么更多的惊喜呢？!


Hardened-PHP的SE一直是PHP安全方面的权威，也是我和许多朋友非常佩服的人。

昨天SE宣称，3月将是Month of PHP Bugs,而他也确实开始行动了，首先以一个POC拉开了序幕！

对PHP的研究，目前已经深入到了PHP core,比较大的漏洞，一般都是从PHP core中找出来的。

继续密切关注中。。。


zz from Hardened-PHP:

01. March 2007


The Hardened-PHP Project is proud to announce the beginning of the Month of PHP Bugs. This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability managment process used by the PHP Security Response Team.




The initiative's webpage is located at: www.php-security.org