New Consortium Aims to Set PHP Security Standards

NEW YORK — A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

The newly formed PHP Security Consortium, created in response to the recent Santy worm outbreak that besieged phpBB bulletin boards across the Internet, intends to publish a variety of articles focused on security proofing PHP code and also audit commonly used PHP-coded applications

“PHP application security is a topic of growing important,” said Andi Gutmans, a charter member of PHPSC and one of the co-founders of Zend, a company that specializes in offering enterprise-ready PHP solutions.

“The launch of the PHP Security Consortium is a landmark even for the PHP community, and because most web development technologies face similar security concerns, we believe that developers using other solutions can also benefit from our efforts,” Gutmana said.

The group’s creation was spurred by a bevy of recent high-profile security flaws found in third-party applications, which the group says has hurt the credibility of PHP and the growing PHP scripting community.

Commonly used for allowing web pages to interact with MySQL databases, the 10-year-old open-source scripting language has experienced explosive growth recently, with companies like Yahoo, Lycos, Disney and Deutsche Lufthansa adopting its use for everything from simple web access to complex electronic ticketing systems.

“As PHP has transitioned from personal project to enterprise application development, the need to educate the community about secure programming practices has risen,” said PHPSC founder Chris Shiflett.

Shiflett, who is also the creator of PHPCommunity.org and sits on the Zend PHP Advisory Board, said that one of the biggest problems for the PHP community is the perception that the language is unsuitable for secure web use.

“There’s this odd tendency in the PHP community to call everything PHP, even if it’s just a third-party application written in PHP,” Shiflett said. “We saw this happen with the phpBB issue, even though it had nothing to do with a security problem in PHP.”

According to Shiflett, the new group will also be involved in experimental research in order to develop standards of best practice for PHP application development in addition to publishing documentation and tools to help prospective PHP programmers.

“Because PHP has a very low barrier to entry, a lot of inexperienced developers are using it for their solutions,” Shiflett told eWeek. “They don’t tend to understand Web application security and they’re creating application with serious vulnerabilities.

“There is this urgent need to educate these developers and provide them with resources to get up to speed,” Shiflett said.

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Segpay Partners With Corey Silverstein for Legal Services

Segpay has partnered with adult industry attorney Corey D. Silverstein for specialized legal compliance and policy support for its merchant network.

AEBN Reveals Kasey Kei as Top Trans Star for Q2 of 2026

AEBN has named its top trans stars for the second quarter of 2026, with Kasey Kei landing atop the leaderboard.

Missouri Governor Signs Bill Making AV Regulations State Law

Missouri Governor Mike Kehoe signed a bill into law on Thursday requiring adult websites to age-verify users in the state, finalizing a legislative “stamp of approval” for AV rules after Missouri’s attorney general unilaterally imposed similar regulations last year.

Utherverse Launches 'Adult Game Fest' Virtual Convention

Virtual reality and metaverse technology company Utherverse is launching its inaugural Adult Game Fest convention and trade show, taking place Sept. 24-26.

Ofcom Fines Fapello $845,000 for AV Noncompliance

U.K. media regulator Ofcom on Thursday imposed a fine of 630,000 pounds (about $845,000) against adult website fapello.com for failing to comply with provisions of the Online Safety Act.

KiwiSourcing Joins Pineapple Support as Sponsor

Outsourcing and consulting firm KiwiSourcing has joined the ranks of over 70 adult businesses and organizations committing funds and resources to Pineapple Support.

AdultHTML Introduces AI-First Development Services

AdultHTML has introduced an AI-first development service, giving clients access to experienced software developers who use AI to streamline software development.

Texas Court Orders Adult Site Domain Locked for AV Violations

A district court in Texas has issued a writ requiring domain registry Verisign to “lock” an adult website’s domain over noncompliance with the state’s age verification law.

Adult Web Hosting Service 'QloudHost' Launches

QloudHost, a new web hosting service for adult websites, has launched.

Peter Hooke Launches New Paysite

Peter Hooke has launched an official website through PAYSITE.

Show More