Over the past 5 years, Bluetext has designed over 100 enterprise websites, and over that time the CMS question has evolved – like most technologies – from what is the best CMS for my organization to which platform is most secure. Both open source and proprietary options can and do make a strong security argument, however for the most part the answer to the question lies completely outside of either platform.
The leading open source platforms – Drupal & WordPress – are developed by a community of thousands of developers around the world. And while the software code by its very nature is open and visible, vulnerabilities can be identified and corrected far more quickly due to the sheer number of developers testing it versus those in a closed source environment. The obvious downside being that these vulnerabilities also have the potential to be exploited by more unsavory characters for the short time they are exposed – which together with the number of prominent sites on the platform – works only to ensure a more secure code base.
On the other hand, from a closed source perspective, the platform is owned by a very small team of specialists who are developing code that the world has no visibility to. What this means is, that while best practices are put in place to protect against potential vulnerabilities, it is all done so in theory versus the perpetual vigilance of a global open source community. So, just because the code is developed in a closed environment, it doesn’t make it any more secure than it’s more open minded brethren.
From a global CMS perspective, it is impossible to claim definitively that one is more secure than the other due to all of the external variables they are exposed to during their lifecycle. The most critical path to optimal security is making sure the CMS software is well maintained well and kept up to date to ensure that no vulnerabilities are left open.
But as I suggested right up front, the majority of security challenges lie completely outside of the platform –the CMS is just one piece to the security puzzle – the user base it interacts with and the server environment it sits in everyday are the other external variables that will prevent any CMS from ever being completely secure – so there is no clear winner here.
Your organization’s ability to implement sound security practices globally will have a much greater impact on the security of your CMS than whether you are in an open or closed source environment. A strong digital agency partner can also help ensure that your CMS is tested and updated on a regular basis to provide optimal security across your digital enterprise.