Every once in a while, we’ll hold a themed week of content here at SitePoint. We like the extra effort that goes into it, and it’s usually the area’s enthusiast who’s leading the charge - IoT week was led by Patrick Catanzariti and produced some super interesting esoteric results, and last week was Open Source Week, led by Elio Qoshi, one of the people behind OSCAL - a multi-cultural multi-contextual conference dedicated to open source technologies and solutions.
During such weeks, every channel focuses exclusively on the topic at hand, producing as many posts as possible. OSW was, while successful, rather difficult for us because - let’s face it - we usually already deal with open source code anyway: all our tutorials, and the packages and libraries we cover, are open source, and we link to all the repos we mention in our posts. However, OSW provided us with another opportunity: the chance to talk about the effect of open source, and what it can do.
One of the more interesting topics we covered was a relatively recent proposal by CiPHPerCoder to build a PHP version of libsodium, a popular modern crypto-oriented library. He’s willing to do it for free, but is hesitant to release it to the public for everyone to use before having it audited by a third party - and formal audits cost a lot of money. Having this library as a PHP package, though, would dramatically increase the security of shared hosts and similar solutions, so all those insecure Joomla, Drupal, WordPress and similar sites - you guessed it - instant upgrade!
Taking into consideration that the web is said to be 27% WordPress, how much money would you pay to make 30%+ of the web a safer place? Really, consider it. Imagine the problems we’d prevent, the security breaches that would never happen, the face we’d save PHP (because you know there are various muppets like Atwood out there just waiting to pounce on the smallest slip-up) if this were implemented.
So tell us - how much would you pay to make the web in general more secure? Oh and, for the full chat with Scott and his attempt at getting the community interested in participating in this audit, see this post.