[nycphp-talk] PHP Pentration Discussion
Chris Shiflett
shiflett at php.net
Sat May 28 16:58:17 EDT 2005
Rolan Yang wrote:

> What do you think if there was some sort of "security seal of approval"
> applied to scripts in a code archive?

It's a good idea but hard to achieve in practice. This requires that the
code be audited and approved by a person or group of people qualified to
do so. What criteria must one meet to be qualified to make such a
judgment? Even assuming that a qualified group existed, how do they
choose which code to audit? There is a lot of PHP code out there, and
auditing code takes a very long time.

> I think having a library of secure code bits would be invaluable to all
> php programmers.

While not code, the PHPSC has tried to do this sort of thing with online
resources, linking to resources that we feel can help security-conscious
PHP developers (many resources are counter-productive, as Adam warned
against). The result of this is a small library of links:

http://phpsec.org/library/

It's nothing earth-shattering, but you can at least feel a bit more
comfortable knowing that a few people reviewed each of these resources
and believe that there is something useful there.

Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/