PHP Security Consortium
PHP Security Consortium
The PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community.Notification Policy
- The vulnerability is verified with the minimum amount of experimentation and testing.
- A clear exploit is developed.
- A member of the PHP Security Consortium contacts the appropriate parties in order to provide the exploit as well as establish a clear channel of communication.
- We reserve the right to notify the appropriate parties before a vulnerability can be verified.
Public Disclosure Policy
- When we are aware of a public exploit, we will release as little information as necessary to promote the correction of affected systems.
- When we are not aware of any public exploit, we will not disclose any information until after corrective measures are available for affected systems or after a period of four weeks has expired. We will work with the appropriate parties to offer corrective measures as soon as possible, and we reserve the right to grant an extension.
About the PHP Security Consortium
Founded in January 2005, the PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Members of the PHPSC seek to educate PHP developers about security through a variety of resources, including documentation, tools, and standards.
In addition to their educational efforts, the PHPSC engages in exploratory and experimental research in order to develop and promote standards of best practice for PHP application development.