Real Story Group. Make Better Technology Decisions.
Delivering fearless advice since 2001. Here's our story
What Real Independence means. Find Out
Kas Thomas
Beware Drupal, Joomla! plug-in vulnerabilities
IBM has released its IBM Security Solutions X-Force 2009 Trend and Risk Report, and the news for users of popular WCM platforms Drupal, Joomla!, TYPO3, and WordPress is decidedly mixed.
According to IBM's research, while Apache and PHP account for only 0.4 percent and 0.6 percent (respectively) of total reported vulnerabilities, Drupal accounted for 2.7 percent and Joomla! accounted for 2.6 percent. TYPO3 and WordPress fared somewhat better, at 1.5 and 0.4 percent, respectively.
But the more ominous news has to do with patches for security problems involving plug-ins. A whopping 80 percent of the vulnerabilities reported for Joomla! plug-ins (against 13 percent for Drupal plug-ins) had no available security patches by year's end. That compares to 8 percent of Joomla! core system vulnerabilities that had no known patch, and 18 percent of Drupal core vulnerabilities with no patch. If you're a TYPO3 user, you'll find that 51 percent of plug-in vulnerabilities have no patch (versus just 5% of core system gotchas), while with WordPresss the unpatched plug-in flaws come to 57 percent, versus 13 percent for core.
Bottom line: Systems that are heavily reliant on plug-ins are more apt to have security vulnerabilities for which there is no known patch. Why is this? Even frequently-used plug-ins are not always actively maintained and enhanced by their original developers. Our Web CMS evaluation research cites some specific examples across several platforms.
Excerpt from the Drupal Evaluation
Web Content Management Report looks at... Integrated Site Search in Drupal
"The integrated full-text search functionality is adequate for searching text-based content, though file-based content is not indexed -- making Drupal arguably less useful for an intranet. The default search configuration has a basic search and an advanced search that can look for keywords, exact match phrases, and can restrict by content type. Searches tend to return too many results rather than too few. Note that the index is refreshed by a scheduled script running on the server, rather than every time content gets updated. On the whole, this is quite weak..."
(p. 441)
CMS Vendor Evaluations
Learn the real strengths and weaknesses of major CMS vendors from around the world, in our Web Content and Experience Management research stream.
Free Sample Request
Subscriber Log In
Research Mentioned in this Post
CMS Vendor Evaluations
Learn the real strengths and weaknesses of 35 major Web CMS products from around the world.
Our Newsletter
Have Questions?
USA & Canada
+1 800 325 6190
UK
+44 (0) 20 3318 1911
International
+1 617 340 6464
All Other Inquiries
Our Customers Say
"I think The Web CMS Research is well worth it. Information is always key to good decisions; don't skip that step! It's also surprisingly well written and not as dry as you would expect. I have an IT background and also a writing (English Literature) background, so I very much appreciated the balance of charts, tech info, and plain-speaking, good old sentences!"
Paul Whittle, Web Manager, Memorial University
Real Story Group
Follow us on: 
|
|
|
