PHP Security Audit HOWTO

13 Jun 2005

I had a nice time in Vancouver, although my visit was very short. This conference only had one track, and this approach has some advantages. For example, the speakers are able to reference material from earlier talks and be reasonably assured that most people in the audience are able to follow. The main disadvantage is the lack of choice and variety, but this was alleviated somewhat by the fact that the entire conference was on such a specific topic.

My talk, the PHP Security Audit HOWTO, was one of my most popular yet - I have received more positive feedback from this talk than any talk I've given to date. I think the widespread satisfaction is the result of two things - the conference was based entirely upon a topic that is my particular area of expertise, and my talk was more pragmatic than usual (I tend to recite a lot of theory when discussing security). As a result, I plan to make my talks a bit more practical and relax the theoretical purity. The perfect balance of theory and practicality is hard to find, but I'll start searching for it. :-)

The slides of my talk are currently available on Brain Bulb's web site:

I got to hang out with Bruce Perens quite a bit. Although we talked about a number of different things, software patents are clearly the major topic on his mind these days. He has written a good article called The Problem of Software Patents in Standards. It's worth reading.