In Depth Analysis of Open Source CMS Security

By Mike Johnston, January 19, 2012 (Updated: June 6, 2013)

Recently, I was contacted by the author of an incredibly detailed analysis of open source CMS security. As part of this breakdown, the analysis goes into detail about which systems have had the most vulnerabilities and the severity of them, coming up with a number of rather intriguing conclusions.

Take a look at this graph for instance:

As you can see, certain systems perform better than others, and what I found especially interesting is that, contrary to what you might hear on the 'net, Joomla actually shows quite well from a security standpoint.

As part of the interpretation of this analysis, the author came to these conclusions:

  • WordPress only had a single serious vulnerability (in case I interpreted that correctly) -- impressive.
  • Drupal also did well, only the percentage is a little higher due to the low number of overall issues.
  • In contrast to the first two, TYPO3 appeared to not do well at all. It has by far the most serious vulnerabilities, both in absolute numbers and in percentage. However, I would attribute part of the difference compared to the other projects to TYPO3's stricter rating of vulnerabilities. One should probably add a CVSS comparison to Drupal to get a more balanced result.
  • Joomla, while having the most vulnerabilities overall, did very well with serious ones (meaning it had few of those).
  • SilverStripe seems to be floating somewhere between the other projects, being neither exceptionally good nor bad.

You can read the report here: https://github.com/xeraa/cms-security/blob/master/README.md

I'd love to hear YOUR thoughts on this report. Do you think the author is accurate or not? Do you have any suggestions for improving the gradings?

Mike Johnston
