March is the Month of PHP Bugs. The project’s goal is to improve PHP security. The bugs being announced each day are in the core PHP code itself, not just the result of poor coding practices in various PHP applications out there. A lot of this was sparked when Stefan Esser resigned from the PHP Security Response Team several months ago. (You can read an interview with him here.) He felt issues were not being addressed promptly enough or were being ignored – and so we now have the Month of PHP Bugs.
My thoughts on PHP are conflicted. I used to be a big fan of PHP apps; they seemed to solve a lot of problems for me at work or other places (e.g. this blog is PHP-based). But then I started to do some work with the Fedora Infrastructure team, who had a poor opinion of PHP based on its security track record. I still use PHP applications, but I do tend to look for alternatives when I can. My PHP work apps are internal applications and safely behind the firewall. The publicly exposed PHP apps I use tend to be for personal use and are installed at my hosting provider, who provides me the lazy path to updates through the one-click installs. So at least the path to upgrade is just a few clicks away.
In either case – looks like March might be a busy time for admins with a large number of publicly exposed PHP applications.