[nycphp-talk] PHP Pentration Discussion
inforequest
1j0lkq002 at sneakemail.com
Sat May 28 18:01:45 EDT 2005
I wonder which security professional would want her name on software as a "seal of approval" anyway. Imagine the consequences if, despite code passing all "best practice" checks, such "approved" code was hacked with high-profile consequences?
Poof. Bye bye career.
-----Original Message-----
From: "Chris Shiflett shiflett-at-php.net |nyphp dev/internal group use|" <...>
Sent: May 28, 2005 4:58 PM
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: Re: [nycphp-talk] PHP Pentration Discussion
Rolan Yang wrote:
> What do you think if there was some sort of "security seal of approval"
> applied to scripts in a code archive?
It's a good idea but hard to achieve in practice. This requires that the
code be audited and approved by a person or group of people qualified to
do so. What criteria must one meet to be qualified to make such a
judgment? Even assuming that a qualified group existed, how do they
choose which code to audit? There is a lot of PHP code out there, and
auditing code takes a very long time.