1) Actually I was invoking Meltcalf’s Law as a defense sarcastically. I hope that is clear.

2) PEAR’s XML_RPC exploit just shows that PEAR has the same deficiencies as any other project. I’m quick to make fun of it too. BTW, XML_RPC was just a straight port of another XMLRPC library to fit it into PEAR, I don’t think a code audit was done. After that, Stig had nothing to do with it and I distinctly remember it and the SOAP library languishing forever.

3) My issue with phpbb was how they handled what was clearly a regression on their end. The fact that it has “PHP” in their name causes a confusion in enterprises between the applications build on the language and the language itself. Note, I’m not advocating that phpbb change it’s name…Pandora’s box is open. Deal.

4) As for the blog posting of omissions in the Security Guide from the PHP Security Consortium, I remember it well and thinking that it should be addressed if true. In fact, my point in general is that the community should take security more seriously and act quicker on problems because the language is going to encourage sloppy coding.

However, Stefan Esser has his own agenda, and he’s a bitter young man at times. He’d get more bees with honey than with his abrasive manner.