It is very common in our industry for an open source CMS (content management system) to be used when building a website. Popular ones include WordPress, Drupal, Joomla and many others.
There are several downsides to the open source model from a security standpoint, which is why Byte Productions chooses not to build websites using these platforms.
Anyone in the world can download the code and look at it. If there is something exploitable, this makes it VERY easy to find.
There are often many contributors to an open source project, with varying degrees of skill and experience. Community contribution to the product can mean that a “bad guy” can intentionally inject backdoors. The proper model would be that code is reviewed and known to be “good” before it is released, but again the skill and experience of the contributors doing that review are still the question.
The install procedure and documentation often assume a “lowest common denominator” of technical skill. They also assume that most people host on shared systems where they don’t have root-level access to lock down the server, which is in someone else's control. As such, the files that get installed are uploaded via insecure methods, and once they are on the server, parts of the install code are often left behind.
No one can download our code and look at it. Period. Therefore, we don’t even have the majority of the problems found with others.
Only known employees work on our code. We know what their level of skill is, and our own level of experience is very high.
We install and maintain it. Our customers do not have to watch for updates. We update it when we find something that needs updating. We keep it on a hardened server system with limited access. We are not limited to the open source type of install procedure where folder permissions are often granted too loosely in a shared server environment.
We make sure our code is clean from potential attacks. Again, not having our code open to prying eyes in the first place makes it even more unlikely for a possible attacker to know where to look.
If you or someone you know has had security issues with an open source CMS platform, please have them contact us. We can provide secure solutions for businesses of any size.