Hi all,
I'm Matt Tait; a security researcher at Google, and I'm quite interested in
looking at and helping to build new security-related features within PHP;
i.e. features that reduce the likelihood that deployments of PHP end up
being hacked.
In the short term, I'm quite interested in looking at ensuring that all of
the compiler and operating-system security features are enabled by default,
and later I hope to be looking at both hardening the PHP core against
various categories of memory-corruption vulnerability. Hopefully this work
will also end up improving the performance and security of various parts of
PHP core.
In the longer-term I'm also interested in building user-visible features
for PHP that would allow developers who want or need to deploy PHP to
sensitive environments to prevent certain categories of error across their
entire codebase (such as SQL injection and so on) that are commonly used by
hackers. This would be particularly useful for many less-technical
companies who are worried about hackers, but unable to ensure that every
component they plug in to their website is coded with security-in-mind.
I look forward to working with you all to make PHP a better product for PHP
developers and website owners!
Cheers,
Matt
Hi all,
I'm Matt Tait; a security researcher at Google, and I'm quite interested in
looking at and helping to build new security-related features within PHP;
i.e. features that reduce the likelihood that deployments of PHP end up
being hacked.In the short term, I'm quite interested in looking at ensuring that all of
the compiler and operating-system security features are enabled by default,
and later I hope to be looking at both hardening the PHP core against
various categories of memory-corruption vulnerability. Hopefully this work
will also end up improving the performance and security of various parts of
PHP core.In the longer-term I'm also interested in building user-visible features
for PHP that would allow developers who want or need to deploy PHP to
sensitive environments to prevent certain categories of error across their
entire codebase (such as SQL injection and so on) that are commonly used by
hackers. This would be particularly useful for many less-technical
companies who are worried about hackers, but unable to ensure that every
component they plug in to their website is coded with security-in-mind.I look forward to working with you all to make PHP a better product for PHP
developers and website owners!
Sounds great.
There is some intro info along with the git account request form here:
http://php.net/git-php.php
-Rasmus