Alistair Glen “Woolie” Wooldrige has posted a short but interesting article on what he sees as the main contributor to the impression that PHP is insecure.
Alistair Wooldrige speaks on PHP Security
Multiple Security Vulnerabilities in PHP Announced
secunia.com released an advisory today on 11 security vulnerabilities in PHP versions prior to PHP 5.2.2.
phpMyAdmin Cross-Site Scripting Vulnerabilities
The following phpMyAdmin security advisory was released today on the Secunia Security Advisory list.
Ed Finkler on The PHP App Insecurity Top 20
Ed Finkler, the author of PHPSecInfo, blogger, and all-around nice guy, has posted his “PHP Application Insecurity Top 20”.
PHPSecInfo v0.2.1 Now Available
PhpSecInfo v0.2.1 is now available. It’s primarily a bugfix release, but a fairly significant one.
Stefan Esser Finds Holes in Most preg_match() Filters
Stefan Esser posted on his blog today about a problem he discovered in code he was auditing recently. The problem lies in how the regular expressions used as input filters are written, and in which pattern modifiers are, or are not, applied to them.
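One modifier-related pitfall of exactly this kind, shown here as an added example (it is not code from Esser's post): in PCRE, `$` matches not only at the very end of the subject but also just before a trailing newline, unless the `D` (`PCRE_DOLLAR_ENDONLY`) modifier is set or `\z` is used in its place. The function names and sample inputs are constructed for illustration:

```php
<?php
// Added example, not code from Esser's post. In PCRE, `$` matches at the very
// end of the subject OR immediately before a final "\n", unless the D
// (PCRE_DOLLAR_ENDONLY) modifier is set or `\z` is used instead of `$`.
// A whitelist filter anchored with a bare `$` therefore accepts input that
// ends in a newline.

// Intended to accept only lower-case alphanumerics and underscores.
function is_clean_loose(string $input): bool
{
    return preg_match('/^[a-z0-9_]+$/', $input) === 1;
}

// Same pattern with the D modifier: `$` now matches only at the true end.
function is_clean_dollar_endonly(string $input): bool
{
    return preg_match('/^[a-z0-9_]+$/D', $input) === 1;
}

// Equivalent fix without a modifier: `\z` always means absolute end of subject.
function is_clean_z_anchor(string $input): bool
{
    return preg_match('/^[a-z0-9_]+\z/', $input) === 1;
}

// Constructed sample inputs.
$samples = [
    "alice",            // clean
    "alice\n",          // trailing newline: the case `$` lets through
    "alice\nbob",       // newline in the middle
    "alice;rm -rf /",   // obviously bad
];

printf("%-20s %-6s %-6s %-6s\n", 'input', 'loose', 'D', '\\z');
foreach ($samples as $s) {
    printf(
        "%-20s %-6s %-6s %-6s\n",
        json_encode($s),
        is_clean_loose($s) ? 'pass' : 'fail',
        is_clean_dollar_endonly($s) ? 'pass' : 'fail',
        is_clean_z_anchor($s) ? 'pass' : 'fail'
    );
}
```

Only `"alice\n"` separates the three filters: the bare-`$` version passes it, the `D` and `\z` versions reject it, and the remaining inputs are treated identically by all three. The newline that slips through then travels into whatever consumes the "validated" value, which matters when that is a mail header, a `header()` call, a shell command or a file path.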
Avoiding XSS security attacks to sites that use HTML editors
HTML editors are special form fields that let Web site users visually edit (WYSIWYG) rich text content formatted with HTML tags. HTML editors are powerful, but unless the submitted markup is filtered on the server, they hand an attacker a direct route to cross-site scripting against the site's other users.
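The core of the server-side defence is an allow-list filter over the submitted markup: keep only known-safe tags and attributes, and check the scheme of any URL attribute that survives. The sanitizer below is an added example written for this page, not code from the linked article; its tag, attribute and scheme lists and the sample input are illustrative assumptions.

```php
<?php
// Added example, not code from the article: an allow-list sanitizer for rich
// text submitted by a WYSIWYG editor. Everything not explicitly allowed (tags,
// attributes, URL schemes) is removed. The lists below are assumed for
// illustration; a real site should prefer a maintained library such as
// HTML Purifier, which also copes with browser parsing quirks this does not.

const ALLOWED_TAGS = ['p', 'br', 'b', 'strong', 'i', 'em', 'u', 'ul', 'ol', 'li', 'blockquote', 'a'];
const ALLOWED_ATTRS = ['a' => ['href', 'title']];   // no on*, no style, no class
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
// Elements whose *content* must go too; unwrapping them would leak script text.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitize_rich_text(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                  // editors emit sloppy markup
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><html><body>' . $html . '</body></html>',
        LIBXML_HTML_NODEFDTD
    );
    libxml_clear_errors();

    // libxml normalises all content into <body>, even after a stray </body>.
    $body = $doc->getElementsByTagName('body')->item(0);
    clean_children($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);                 // text nodes come back escaped
    }
    return $out;
}

function clean_children(DOMNode $node): void
{
    $child = $node->firstChild;
    while ($child !== null) {
        $next = $child->nextSibling;
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, DROP_WITH_CONTENT, true)) {
                $node->removeChild($child);
            } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
                // Unknown tag (div, span, img, ...): hoist its children so they
                // are visited next, then drop the tag itself.
                $next = $child->firstChild ?? $next;
                while ($child->firstChild !== null) {
                    $node->insertBefore($child->firstChild, $child);
                }
                $node->removeChild($child);
            } else {
                clean_attributes($child, $tag);
                clean_children($child);
            }
        } elseif (!($child instanceof DOMText)) {
            $node->removeChild($child);                 // comments, CDATA, PIs
        }
        $child = $next;
    }
}

function clean_attributes(DOMElement $el, string $tag): void
{
    $allowed = ALLOWED_ATTRS[$tag] ?? [];
    foreach (iterator_to_array($el->attributes) as $attr) {
        $name = strtolower($attr->name);
        if (!in_array($name, $allowed, true)
            || (in_array($name, ['href', 'src'], true) && !safe_url($attr->value))) {
            $el->removeAttribute($attr->name);
        }
    }
}

function safe_url(string $url): bool
{
    // Browsers ignore control characters and whitespace inside a scheme, so
    // "java\tscript:" must be normalised before the scheme is inspected.
    $cleaned = preg_replace('/[\x00-\x20]+/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $cleaned, $m)) {
        return true;                                    // relative URL, no scheme
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

// Constructed input exercising the usual editor-field payloads.
$dirty = '<p onmouseover="alert(1)">Hello <b>world</b></p>'
       . '<script>alert(document.cookie)</script>'
       . '<a href="javascript:alert(1)">click</a> '
       . '<a href="https://example.com/">ok</a>'
       . '<img src="x" onerror="alert(1)">';
echo sanitize_rich_text($dirty), "\n";
```

On the constructed input, the `onmouseover` handler is stripped while the paragraph and its bold text survive, the `<script>` element disappears together with its body, the `javascript:` link loses its `href` but keeps its text, the `https:` link is untouched, and the `<img>` is removed. Two practical points: run the filter on the server when the content is stored (or at render time), never trust restrictions the editor enforces in the browser; and reserve this kind of filtering for genuine rich-text fields, since ordinary text fields are handled correctly and far more simply by `htmlspecialchars()` on output.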
OWASP Spring of Code 2007
Chris Shiflett and Laura Thompson both announced on their blogs that during the lightning talks at last night’s PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007. This ambitious effort will distribute $100,000 to worthy projects.
Do Open Source Devs Get Web App Security? Does Anybody?
A colleague of mine who is dealing with Plone, a CMS system built atop Zope, pointed me to a rather disturbing document in the Plone Documentation system, one that I feel is indicative of a much larger problem in the web app dev community.
PHPSecInfo News
Ed Finkler pinged me this morning about a couple of news items relating to PHPSecInfo. Click on inside, I’ll give you the scoop.