PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Pádraic Brady: PHP Security, Authorative Knowledge and Combining Forces

Note: This article was originally published at PHPDeveloper on 5 September 2012.
PHPDeveloper

In this new post to his blog Pádraic Brady has proposed a "combining of forces" in the PHP community centered around promoting best practices in the security of PHP applications.

Once you start to dig around PHP Security in earnest, you begin to notice trends and patterns in how programmers behave and accumulate knowledge. The most obvious feature of PHP culture is that we do not have an active "leadership" in security. There is no appeal to authority in PHP security debates, only personal opinions informed by a nebulous entity called "They". There are individuals that I have learned to trust and that's about as far as we can go. [...] In the PHP community, the Authorative Knowedge for PHP Security is derived from a concensus. A concensus based on published articles, the practices of libraries and frameworks, printed books, and the vague meandering thoughts of whoever you follow on Twitter. In other words, our current Authorative Knowledge is you.

He notes that this "everyman security expert" hasn't proven to be the best method for increasing the overall security awareness of PHP developers, so he's proposing something different: the "PHP Security Technical Group (SECTG)".

It's a group of members who share a common interest in sharing information, performing research, publishing articles/newsletters, and generally taking advantage of resource pooling without giving up their individual interests - all towards accomplishing some common goal, i.e. creating or emphasising new Authorative Knowledge. The phrase "Unofficial" is implicit in the group name - this is not an official PHP entity.

If you're interesting in joining in on the cause, you can sign up for the mailing list and get more information as it comes.