The PHP Foundation is pleased to announce the completion of a comprehensive security audit of the PHP source code (php/php-src), commissioned by the Sovereign Tech Agency. This initiative was organized in partnership with the Open Source Technology Improvement Fund (OSTIF) and executed by the esteemed security group Quarkslab. Audit Overview Conducted over a two-month period in 2024, the audit encompassed: Development of a threat model tailored to php-src Manual code reviews Dynamic testing proc...