The PHP Foundation has launched a dedicated Ecosystem Security Team, funded by a grant from Alpha-Omega (an OpenSSF/Linux Foundation initiative). Volker Dusch, PHP 8.5 Release Manager and former PHPUnit maintainer, will lead the effort as Ecosystem AI Security Engineer in Residence for a six-month full-time role. The team's mandate includes triaging vulnerability reports, building security tooling, supporting under-resourced maintainers, and helping the PHP ecosystem adopt modern security practices. The initiative is partly driven by the rise of AI-generated vulnerability reports, which are increasing pressure on volunteer maintainers of small or unmaintained projects.