As I’ve mentioned before, eWeek is my favorite industry news magazine. So, when Chris Shiflett mentioned to me yesterday that eWeek contacted him in regard to the PHP Security Consortium (PHPSC), I was ecstatic. It appears that the folks at eWeek have been keeping tabs on PHP – not that they don’t cover open source technologies; on the contrary, they give generous attention to the open source movement and Linux. I was just a little bit surprised to see them interested in covering PHP.
Today, eWeek published the article on their Web site, a very quick turn-around. The article addresses the PHPSC from the angle of security in terms of the recent Santy worm (most likely because the author saw this as an excellent way to follow up on an earlier article about the worm):
“The formation of the consortium was triggered by the recent Santy worm attack against Web forums running phpBB, a message board software written in PHP.”
The problem with this angle is that the PHPSC was announced on December 7, while Santy was released on December 20.
Although the Santy worm created some extremely negative press for PHP, due mainly to the untimely release of security fixes in the PHP language itself, the article is quick to correct this FUD, and for that I commend them.
Nevertheless, the creation of the PHPSC could not have been more timely. There are many PHP applications out there suffering from poor coding practices, and the goal of the PHPSC is to remedy this through educating people and exposing vulnerabilities. The article does an excellent job of promoting this goal of the consortium.
Overall, it’s a good read, and it’s good press, which is even better.