Stefan Esser retires from PHP security response team

Andy Armstrong andy at
Mon Dec 11 20:26:07 GMT 2006


     The reasons for this are many, but the most important one is  
that I have
     realised that any attempt to improve the security of PHP from  
the inside
     is futile. The PHP Group will jump into your boat as soon you  
try to
     blame PHP's security problems on the user but the moment you  
     the security of PHP itself you become persona non grata. I stopped
     counting the times I was called immoral traitor for disclosing  
     holes in PHP or for developing Suhosin.


Andy Armstrong,

More information about the mailing list