PHP Security Consortium

Now here is something interesting. Anyone who really knows me knows I am not a fan of PHP. I have seen WAY to many insecure projects written in the language, and it drives me batty. In my circle of influence I have seen way to many non-programmers (ie: web designers, script writing server admins etc) think they are developers by jumping on the PHP bandwagon... its been rather ridiculious.

The failure hasn't been the language itself (although there is a lot to be said about the weaknesses in the language that almost PROMOTE insecure design), but how its been applied by the programmer.

Well, I was impressed to hear that the PHP Security Consortium was formed this month to battle this. The website says that the consortium is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Members of the consortium seek to educate PHP developers about security through a variety of resources, including documentation, tools, and standards.

This is a positive move for the language. Lets hope the effort to educate the PHP community causes a rippling effect and promote the fixing of many of the problems that exist in the tools and technologies that reside there today.

Congratulations to the PHPSC, and good luck.