Charlton's Blog

Thoughts on the PHP Core Breach

In summary: It's complicated. I shared my thoughts on the path forward.

Published: Apr 13, 2021
Category: Publications, Security

In my working life as a so-called “Senior Application Security Consultant”, I spend a lot of time breaking software, training development teams, and designing improved processes/tooling to generally make the security of seriously critical systems better overall.

Anyways, I’m writing this post to direct people’s attention to an extremely in-depth and detailed writeup I produced on the PHP Core breach back in March of 2021. Check it out here: (PDF)

In broad strokes, I cover the following topics:

I put a whole lot of thought and effort into this, so I hope it’s both informative and thought-provoking. If you enjoyed it and want to share your thoughts, hit me up via email!