In the context of open source, the idea of secrecy and hoarding makes me uncomfortable. If you’re serious about open source and producing high-end value, it probably makes you uncomfortable too.
In June, we were informed of a potential PHP security issue through responsible disclosure. With the prospect of the exploit being publicly known, swift action was required. Within weeks, TYPO3 had a solution in place to keep the project safe: the PharStreamWrapper. Sam Thomas then demonstrated the vulnerability at the annual Black Hat security event in August (full disclosure).
TYPO3 decided to take this a big step further and prepared a separate Composer package: the security solution was extracted from the TYPO3 core and is now available as a stand-alone package for other open source developers to download (for free) and use to keep any PHP-driven project safe.
Together we are stronger!