PHP Community Steps to Stop Installation of Libraries with Unpatched Bugs [bleepingcomputer]
by CIRT Team
Some of the most influential voices in the PHP community have united on a project to improve the security of the PHP ecosystem.
Under the name of FriendsOfPHP, this group has created a database that includes references and details for known security vulnerabilities affecting various PHP projects and libraries.
The purpose of this database is to serve as a single reference for which versions of each PHP project or library are known to be affected by a vulnerability, and therefore which versions are safe to use or to update to.
New project tackles security advisories in the PHP world
This project, known under the simple name of the PHP Security Advisories Database, is slowly starting to become more popular on GitHub.
The PHP Security Advisories Database is also at the heart of the Roave Security Advisories, a Composer-ready PHP library that can be embedded within any PHP project.
“Roave/SecurityAdvisories uses FriendsOfPHP as its data source to build a conflicting set of require statements to prevent insecure dependencies from being installed,” Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise, told Bleeping Computer.
This means that any PHP developer can add this library to their project and prevent Composer from accidentally installing a dependency version with a known vulnerability.
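To make the mechanism concrete, here is an added illustration (not Roave's or FriendsOfPHP's own code) of how advisory data in the FriendsOfPHP layout (a `reference` of the form `composer://vendor/package` plus per-branch `versions` ranges) is turned into a Composer `conflict` constraint, and how such a constraint decides whether a candidate version would be refused. The package `acme/widget`, its branches and version ranges are constructed sample data, not a real advisory.

```python
"""Build a Composer-style `conflict` constraint from FriendsOfPHP-shaped advisory
data and check candidate versions against it (added illustration, not Roave's code)."""

# Constructed sample mirroring the FriendsOfPHP YAML layout. "acme/widget" and
# its ranges are invented for this example; no real advisory is represented.
SAMPLE_ADVISORIES = [
    {
        "title": "Example: unsafe deserialization (constructed)",
        "reference": "composer://acme/widget",
        "branches": {
            "1.0.x": {"versions": [">=1.0.0", "<1.0.5"]},
            "2.x":   {"versions": [">=2.0.0", "<2.2.1"]},
        },
    },
]


def build_conflicts(advisories):
    """Map package name -> constraint string such as '>=1.0.0,<1.0.5|>=2.0.0,<2.2.1'.
    Comma means AND within a branch, pipe means OR across branches: the shape the
    roave/security-advisories metapackage puts in its composer.json `conflict` map."""
    ranges_by_package = {}
    for adv in advisories:
        package = adv["reference"].split("://", 1)[1]   # strip the composer:// scheme
        for branch in adv["branches"].values():
            ranges_by_package.setdefault(package, []).append(",".join(branch["versions"]))
    return {pkg: "|".join(ranges) for pkg, ranges in ranges_by_package.items()}


def _vtuple(version):
    """Dotted numeric version -> comparable tuple, e.g. '1.0.5' -> (1, 0, 5)."""
    return tuple(int(part) for part in version.split("."))


def _satisfies(version, term):
    """True if `version` satisfies one comparison term such as '<1.0.5'."""
    for op in (">=", "<=", "==", ">", "<"):          # two-character operators first
        if term.startswith(op):
            actual, bound = _vtuple(version), _vtuple(term[len(op):])
            return {">=": actual >= bound, "<=": actual <= bound, "==": actual == bound,
                    ">": actual > bound, "<": actual < bound}[op]
    raise ValueError(f"unsupported constraint term: {term}")


def is_blocked(version, constraint):
    """True if `version` lies inside the conflict set, i.e. Composer would refuse it."""
    return any(all(_satisfies(version, term) for term in rng.split(","))
               for rng in constraint.split("|"))
```

In a real project the generated map is not built by hand: requiring the metapackage (`composer require --dev roave/security-advisories:dev-latest`) brings the `conflict` entries in, and `composer update` then refuses any dependency version inside them.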