It’s not the number of bugs and vulnerabilities that decides whether a piece of software is harmful or not, but how long those vulnerabilities remain unfixed.


The Month of PHP Bugs is definitely the kind of initiative we should see more of, and we should encourage anyone who can help to make PHP more secure. Anyone can certainly agree or disagree with Stefan’s approach, but I will never agree that we should just stand by and watch until someone comes along with a miracle that resolves all vulnerabilities.
It’s important, for example, to note that of the 14 vulnerabilities discussed as of today, 7 are not patched in the February PHP update; that’s 50%. Why are some bugs not considered harmful when they are? How long will we keep ignoring XSS vulnerabilities?
A salute to March 2007, the Month of PHP Bugs.
