As promised last year the initiative ‘Month of PHP bugs’ began on March 1st. Whereas previous efforts in the same vein — month of bugs for Mac, browsers and kernels — were new bugs, this PHP effort will include existing ones as well, some of which have already been reported. Calling its work “an effort to improve the security of PHP,” the Hardened-PHP Project throughout March will disclose a new vulnerability every day. “We will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core,” the group wrote on this Web site listing the bugs. As of Saturday, March 3, there are seven such flaws reported. Hardened PHP maintains that it will also use the experience to suggest ways to hone responses. “We will point out necessary changes in the current vulnerability management process used by the PHP Security Response Team,” the group wrote. Security