Newsgroups: php.internals
Xref: news.php.net php.internals:121135
Date: Mon, 25 Sep 2023 09:49:42 +0100 (BST)
To: PHP Developers Mailing List
cc: PHP Security List
Message-ID: <98cb519e-4b45-5069-9f48-6e78dddf3284@php.net>
Subject: Security Audit Priorities
From: derick@php.net (Derick Rethans)

Hi,

The Foundation is organising an external audit/security check of the PHP source code. As part of that, we would like to identify the places in the PHP source code where checking this will have the most impact.

Typical areas would be where user input can be (automatically read) remotely, such as our RFC 1867 HTTP header parser. But we are sure there are other important areas as well, and we would like your input.

So, if you can suggest an area where doing an external review would have high impact, please reply to this email.

cheers,
Derick

-- 
https://derickrethans.nl | https://xdebug.org | https://dram.io

Author of Xdebug. Like it? Consider supporting me: https://xdebug.org/support
Host of PHP Internals News: https://phpinternals.news

mastodon: @derickr@phpc.social @xdebug@phpc.social
twitter: @derickr and @xdebug