A little over a month ago, I mentioned the PHP security experiments that I've been conducting. I also solicited volunteers to help with my research.
Many gracious PHP experts from around the world have offered their aid. I did not expect such a response (nor all of the attention that this has received), but I appreciate everyone's interest. I want to keep this group small, and I want to make sure that I only involve people with high ethical standards, so I have chosen a handful of people that I know - either personally or by reputation (through their involvement with and/or contributions to the PHP community). This doesn't mean that I don't trust the others, and it's very likely that more people will have a chance to be involved later, because it looks like this may turn into something much more than a research group.
In addition to myself, the following people are volunteering their time to help promote sound security practices within the PHP community:
- Ammar Ibrahim
- Andi Gutmans
- Ben Ramsey
- Christian Wenz
- Daniel Kushner
- Ivan Ristic
- Marcus Whitney
- Paul Reinheimer
Because Ben is proposing a talk to be given at PHP Quebec that discusses our research, discoveries, and progress, we have chosen a name for the group - the PHP Security Consortium. We're still just a small group of people conducting some research, but now Ben has something to call us in his proposal.
In addition to conducting research, we have plans to provide several PEAR modules, improve a few others, generate plenty of documentation, and speak at user groups and conferences - all with the intention of educating the PHP community about security concerns (both old and new) and providing tools and best practices to help promote secure application development.