I know that PHP is often the whipping boy of programming languages, at least from the perspective of Software Security--and with good reason. To address the situation, a PHP Security Consortium has been launched. There's an eWEEK.com article on the topic available at: http://www.eweek.com/article2/0,1759,1758408,00.asp
Among other things, the group, "plans to promote secure programming practices among developers and set up a one-stop shop for documentation, tools and standards." Sounds to me like a step in the right direction, at least. Anyone here involved in that effort? Any comments/opinions? Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com
