Hi all, I'm Matt Tait; a security researcher at Google, and I'm quite interested in looking at and helping to build new security-related features within PHP; i.e. features that reduce the likelihood that deployments of PHP end up being hacked.
In the short term, I'm quite interested in looking at ensuring that all of the compiler and operating-system security features are enabled by default, and later I hope to be looking at both hardening the PHP core against various categories of memory-corruption vulnerability. Hopefully this work will also end up improving the performance and security of various parts of PHP core. In the longer-term I'm also interested in building user-visible features for PHP that would allow developers who want or need to deploy PHP to sensitive environments to prevent certain categories of error across their entire codebase (such as SQL injection and so on) that are commonly used by hackers. This would be particularly useful for many less-technical companies who are worried about hackers, but unable to ensure that every component they plug in to their website is coded with security-in-mind. I look forward to working with you all to make PHP a better product for PHP developers and website owners! Cheers, Matt
