How much would you pay to make 30% of the web automatically more secure?

Every once in a while, we’ll hold a themed week of content here at SitePoint. We like the extra effort that goes into it, and it’s usually the area’s enthusiast who’s leading the charge - IoT week was led by Patrick Catanzariti and produced some super interesting esoteric results, and last week was Open Source Week, led by Elio Qoshi, one of the people behind OSCAL - a multi-cultural multi-contextual conference dedicated to open source technologies and solutions.

During such weeks, every channel focuses exclusively on the topic at hand, producing as many posts as possible. OSW, while successful, was rather difficult for us because, let’s face it, we usually already deal with open source code anyway: all our tutorials and the packages and libraries we cover are open source, and we link to all the repos we mention in our posts. However, OSW provided us with another opportunity: the chance to talk about the effect of open source, and what it can do.

One of the more interesting topics we covered was a relatively recent proposal by CiPHPerCoder to build a PHP version of libsodium, a popular modern crypto-oriented library. He’s willing to do it for free, but is hesitant to release it to the public for everyone to use before having it audited by a third party, and formal audits cost a lot of money. Having this library as a PHP package, though, would dramatically increase the security of shared hosts and similar solutions, so all those insecure Joomla, Drupal, WordPress and similar sites would get - you guessed it - an instant upgrade!

Taking into consideration that the web is said to be 27% WordPress, how much money would you pay to make 30%+ of the web a safer place? Really, consider it. Imagine the problems we’d prevent, the security breaches that would never happen, the face we’d save for PHP (because you know there are various muppets like Atwood out there just waiting to pounce on the smallest slip-up) if this were implemented.

So tell us - how much would you pay to make the web in general more secure? Oh and, for the full chat with Scott and his attempt at getting the community interested in participating in this audit, see this post.

I personally would not pay extra to make it more “secure”. For one, you’ll be adding extra bloatware on top of PHP, and to me making a version of PHP to make it more secure does the complete opposite. Just my opinion. I for one would like to see better basic programming by coders as a whole and the eradication of all the obsolete PHP tutorials on the web (though that will never happen). Just my .02 cents…

I believe you misunderstood - he’s planning to make a PHP package like any other, an optional one you can install into your packages if you want to. A viable alternative to mcrypt and other inferior security extensions / packages out there. So there’s no default bloat, but for systems that are bloated already, it’ll be a matter of replacing crappy security with better security.
