Remarkable statements in the security study Content Management Systems (CMS) of the German BSI
In the last few days, the German Federal Office for Information Security has published a study on the security of open source CMS. There has been a lot of discussion and tweeting about it. The study was written by people from ]init[, an agency that works not exclusively but primarily for companies close to the federal government. Employees of the Fraunhofer Institute for Secure Information Technology are also named as authors.
The details of the study have already been widely commented on, so I won’t repeat them here. However, in the summary of the study, which from my point of view belongs at the beginning, there is the following remarkable passage:
“First of all, it should be noted that the open source projects under consideration have demonstrably implemented a security process. The software has a product character with a published release plan, a transparent bug tracker, etc. The implementation of a security process corresponds to the state of the art, which even many commercial software packages created under time pressure do not achieve. The resulting software is – measured by its functionality and the resulting complexity – a good choice for a service provider.”
And further:
“The structure and information content in the publication of vulnerabilities are exemplary in Drupal, TYPO3, Joomla! (feed) and Plone…”
I am copying this section for later discussions regarding security in open source CMS. You can’t say it much more clearly and directly.
The entire study can be downloaded here.
