Most security experts are responsible professionals and would not do that. However, since there are always people with bad intentions, what good security experts usually do is report the vulnerabilities to the developers responsible for the affected software. The developers then provide a new fixed version, and only then is the vulnerability announced to the public, so everybody can upgrade to a safer version.
The problem is that if people with bad intentions know about the discovered vulnerabilities before the affected systems have had time to upgrade, those systems may still be attacked, even by people who are not very knowledgeable about computer security.
This is why it is so important to be up to date with the latest security vulnerabilities that are made public.
For a long time I have been after a source of information that provided summaries about the latest vulnerabilities in the software products that I use.
Now I know that there are several sources that provide this service, but only recently I realized that one site provided the information in a format that I could syndicate and include in the PHP Classes site newsletter. This way, not only could I be made aware, but I could also share that benefit with the faithful users of the site.
As some of you may have already noticed, for a few days now the PHP Classes site newsletter has included the latest security vulnerabilities that the site SecuritySpace.com is reporting.
The good part is that although they sell complete security audit services, you can still order tests for basic packages or individual vulnerabilities, completely free and with no commitment.
At least you may be notified whether your sites are vulnerable without having to pay. Whether you decide to order more complete audit services will be up to you. That is the hope of SecuritySpace.com in providing this service for free, but you will not become tied to the service unless you really want to.
So, for now, if you are not a subscriber of the PHP Classes newsletter, to be kept up to date you may just go to the newsletter page on the site to learn about the latest security vulnerabilities:
To keep you up to date about these new services of the site, I also added another new feature that provides you with individual tips about the site resources. These tips will appear in some site pages and also in the newsletter and alert messages that you receive, like this one.
To learn all about the available site tips, you may go to this specific page in the site and read about it:
Finally, I also would like to share with you that one sign that the PHP community has been growing very well is the increasing number of international and regional PHP conferences.
Due to the great success of past editions, the PHP-Con conference will be returning to the US West Coast in October again.
There is a call for presentation proposals going on that ends July 28th.
If you are considering presenting something of interest to the PHP community, just rush to this page to learn about the details. You do not need to prepare a presentation yet. For now you just need to propose a possible presentation of your own.
Even if you are not US based, you may still consider proposing a presentation, as this time the organization provides a stipend to cover hotel and travel expenses.