Comments on: the insecure nature http://php100.wordpress.com/2008/04/13/the-insecure-nature/ What if... Thu, 24 Jul 2008 19:24:22 +0000 http://wordpress.org/?v=MU By: Top Posts « WordPress.com http://php100.wordpress.com/2008/04/13/the-insecure-nature/#comment-12979 Top Posts « WordPress.com Tue, 15 Apr 2008 00:01:14 +0000 http://php100.wordpress.com/?p=41#comment-12979 [...] the insecure nature I saw in Ben Ramsey’s blog the link to the eWeek’s “100 Most Influential People in IT” list and [...] [...] [...] the insecure nature I saw in Ben Ramsey’s blog the link to the eWeek’s “100 Most Influential People in IT” list and [...] [...]

]]> By: Stas http://php100.wordpress.com/2008/04/13/the-insecure-nature/#comment-12976 Stas Mon, 14 Apr 2008 16:27:50 +0000 http://php100.wordpress.com/?p=41#comment-12976 The security always were a priority. Well, one of the priorities of course, since there are others - such as usability, etc. The security always were a priority. Well, one of the priorities of course, since there are others - such as usability, etc.

]]> By: Bill Karwin http://php100.wordpress.com/2008/04/13/the-insecure-nature/#comment-12974 Bill Karwin Mon, 14 Apr 2008 14:52:45 +0000 http://php100.wordpress.com/?p=41#comment-12974 I wouldn't assign too much significance to the word choice in the article. Authors sometimes have to finish their article under time pressure, and they don't always have a perfect understanding of every issue they cover. They do their best given the circumstances. I guess one interpretation, however, could be that bringing a collection of security-related bugs to greater exposure raised some consciousness in the PHP community that security should be a priority. I had a conversation with some other developers last ZendCon in which I shocked them by saying that security was not usually a priority in most IT projects. The group quickly said, "no, it's very important, we need to urge people to pay attention to it!" I said, "yes, exactly. It is very important, but the fact that projects need to be urged to pay attention to it says that it isn't already a priority in those projects." I wouldn’t assign too much significance to the word choice in the article. Authors sometimes have to finish their article under time pressure, and they don’t always have a perfect understanding of every issue they cover. They do their best given the circumstances.

I guess one interpretation, however, could be that bringing a collection of security-related bugs to greater exposure raised some consciousness in the PHP community that security should be a priority.

I had a conversation with some other developers last ZendCon in which I shocked them by saying that security was not usually a priority in most IT projects. The group quickly said, “no, it’s very important, we need to urge people to pay attention to it!” I said, “yes, exactly. It is very important, but the fact that projects need to be urged to pay attention to it says that it isn’t already a priority in those projects.”

]]> By: gasper_k http://php100.wordpress.com/2008/04/13/the-insecure-nature/#comment-12973 gasper_k Mon, 14 Apr 2008 08:16:04 +0000 http://php100.wordpress.com/?p=41#comment-12973 Agreed, the statement "forced a rethink of security in the OS world" sounds rather silly. It actually sounds as if Stefan's work had notable consequences much further than in PHP; that security experts in all OS projects stopped working what they were doing, and started thinking from a different perspective -- the Sefan Esser Perspective. He caused a revolution in the security of OS. And, if nothing else, does the phrase "security in the OS world" even have a reasonable meaning? Shouldn't security come with a context, be it an operating system, library, program or whatever? One can't say "open-source software is insecure", or even "is secure", because being secure (or not) just isn't a property of open source software. I respect Stefan's work, but this is just plain nonsense. Agreed, the statement “forced a rethink of security in the OS world” sounds rather silly. It actually sounds as if Stefan’s work had notable consequences much further than in PHP; that security experts in all OS projects stopped working what they were doing, and started thinking from a different perspective — the Sefan Esser Perspective. He caused a revolution in the security of OS. And, if nothing else, does the phrase “security in the OS world” even have a reasonable meaning? Shouldn’t security come with a context, be it an operating system, library, program or whatever? One can’t say “open-source software is insecure”, or even “is secure”, because being secure (or not) just isn’t a property of open source software.

I respect Stefan’s work, but this is just plain nonsense.

]]> By: Lux http://php100.wordpress.com/2008/04/13/the-insecure-nature/#comment-12971 Lux Mon, 14 Apr 2008 05:10:23 +0000 http://php100.wordpress.com/?p=41#comment-12971 Indeed, saying that he "exposed the insecure nature of the PHP language" is completely inflammatory, because it suggests that PHP is inherently insecure compared to other languages, which is untrue. Of course, being an "enterprise" weekly, the author must have a bias towards more "secure" and enterprisey languages... ;) Indeed, saying that he “exposed the insecure nature of the PHP language” is completely inflammatory, because it suggests that PHP is inherently insecure compared to other languages, which is untrue. Of course, being an “enterprise” weekly, the author must have a bias towards more “secure” and enterprisey languages… ;)

]]>