Charlton's Blog

Thoughts on the PHP Core Breach

In summary: It's complicated. I shared my thoughts on the path forward.

Published: Apr 13, 2021
Category: Publications, Security

In my working life as a so-called “Senior Application Security Consultant”, I spend a lot of time breaking software, training development teams, and designing improved processes/tooling to generally make the security of seriously critical systems better overall.

At work, our clients tend to be prominent companies that, on a large scale, play important roles in the lives of everyday people. I feel a great sense of purpose in the scale and impact of my work: In my own way, I do what I do because it helps people be safe. It’s a humbling role, one defined by a responsibility to both those clients and their users.

Anyways, I’m writing this post to direct people’s attention to an extremely in-depth and detailed writeup I produced on the PHP Core breach back in March of 2021. Check it out here:

In broad strokes, I cover the following topics:

I put a whole lot of thought and effort into this, so I hope it’s both informative and thought-provoking. If you enjoyed it and want to share your thoughts, hit me up via email!