Reddit.com:
PHP library authors Have you considered to arrange security bug bounties?
August 06, 2014 @ 10:39:00

In this new post to Reddit.com, Timoh suggests something that could definitely help improve the overall security of the PHP ecosystem: a bug bounty system that gives libraries and projects an easy way to invite security-related submissions for their code.

To encourage software security research on the open-source PHP libraries we use every day, I have been brainstorming the possibilities for us, the code authors, to start to offer security bug bounties on the projects we maintain. It is a shame so few PHP projects encourage security research by offering bug bounties, and I think it doesn't have to be this way.

He describes his ideas for the system, including the ability to offer both monetary bounties and other kinds of recognition. Comments on the post are largely supportive, agreeing with him that it can definitely help things. He also suggests getting frameworks with corporate backing (like Zend Framework and Symfony) to lead the way, setting an example for other projects and getting them on board. What do you think? Add your own thoughts and suggestions about the project to the mix!


Link: http://www.reddit.com/r/PHP/comments/2cpu6v/php_library_authors_have_you_considered_to/



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework