It’s Open Source Week at SitePoint! All week we’re publishing articles focused on everything Open Source, Free Software and Community, so keep checking the OSW tag for the latest updates.

Scott Arciszewski, known on Twitter as CiPHPerCoder, is to security what Chris Hartjes is to unit testing.
He’ll pounce on insecure applications, libraries, and packages, find loopholes, problems, and wrong implementations, and help people fix them. He’s the main developer of several popular security-oriented packages, including Halite for using libsodium in a more user-friendly way, gpg-mailer for sending encrypted emails, random_compat, and more.
As a big fan of the PHP extension libsodium, he’s currently trying to gauge interest from the wider community in contributing funds to a professional audit of a PHP version. In a nutshell, Scott wants to donate his time to write the PHP version polyfill (which would use libsodium as an extension, if installed), but wants to pay for a professional audit of his work in order to make sure it really is maximally secure. Here’s the thing though – professional code reviews are insanely expensive.
Scott
Source: https://managewp.org/articles/13903/modern-cryptography-and-wordpress
Source: https://williechiu40.wordpress.com/2016/11/26/modern-cryptography-and-wordpress/