Ed Finkler agrees with me
From Pro PHP Podcast:
Q: What do you think are the three largest failings of PHP and Security?
“I agree with some things that Terry Chay has said about this: that the things that tend to make PHP insecure also tend to be the things that make PHP easy to work with.”
—Ed Finkler, PHP Security Expert, CERIAS
Thanks Ed.
Listen to the podcast. It’s a realistic assessment of the state of security in PHP.
Favorite quote:
“If web developer doesn’t understand common security issues they shouldn’t be considered developers…[Web applications] essentially are dealing with data that someone is inputting there. As a developer of web applications, you are stewards of that data.”
—Ed Finkler, PHP Security Expert, CERIAS
Ed also mentions asking security questions in interviews (which I do). Perhaps I’ll talk about some of them in a future blog entry.
May 1st, 2007 at 10:02 am
[...] Chay has some of his own comments surrounding the latest episode of the Pro::PHP Podcast, an interview with Ed Finkler about the [...]
June 18th, 2007 at 1:53 pm
[...] Ed didn’t oblige me like he did last time. But luckily for me, Sean and Paul did. With Cal’s PHP Abstract now on the air, the busy [...]
October 1st, 2007 at 11:44 am
[...] know Ed’s some hot shit security expert, but I think he should write a book on AIR… for WROX. Don’t [...]
February 4th, 2008 at 9:11 pm
[...] actually don’t have much of a problem with global variables. The reason this is a security problem is far more subtle than being [...]