{"id":5246,"date":"2013-06-27T08:13:11","date_gmt":"2013-06-27T06:13:11","guid":{"rendered":"https:\/\/staging.alainveuve.ch\/remarkable-statements-in-the-security-study-content-management-systems-cms-of-the-german-bsi\/"},"modified":"2013-06-27T08:13:11","modified_gmt":"2013-06-27T06:13:11","slug":"remarkable-statements-in-the-security-study-content-management-systems-cms-of-the-german-bsi","status":"publish","type":"post","link":"https:\/\/www.alainveuve.ch\/en\/remarkable-statements-in-the-security-study-content-management-systems-cms-of-the-german-bsi\/","title":{"rendered":"Remarkable statements in the security study Content Management Systems (CMS) of the German BSI"},"content":{"rendered":"<p>In the last few days, the German Federal Office for Information Security has published a study on the security of open source CMS. There has been a lot of discussion and tweeting about it. The study was written by people from ]init[, an agency that works not exclusively but primarily for <a href=\"http:\/\/www.init.de\/kunden\" target=\"_blank\" rel=\"noopener noreferrer\">companies close to the federal government<\/a>. Employees of the <a href=\"https:\/\/www.sit.fraunhofer.de\/\" target=\"_blank\" rel=\"noopener noreferrer\">Fraunhofer Institute for Secure Information Technology<\/a> are also named as authors.<\/p>\n<p>The details of the study have already been widely commented on, so I won&#8217;t repeat them here. However, in the summary of the study, which from my point of view belongs at the beginning, there is the following remarkable passage:<\/p>\n<p><!--more--><\/p>\n<blockquote><p>&#8220;First of all, it should be noted that the open source projects under consideration have demonstrably implemented a security process. The software has a product character with a published release plan, a transparent bug tracker, etc. 
The implementation of a security process corresponds to the state of the art, which even many commercial software packages created under time pressure do not achieve. The resulting software is &#8211; measured by its functionality and the resulting complexity &#8211; a good choice for a service provider.&#8221;<\/p><\/blockquote>\n<p>And further:<\/p>\n<blockquote><p>The structure and information content in the publication of vulnerabilities are exemplary in Drupal, TYPO3, Joomla! (feed) and Plone&#8230;&#8221;<\/p><\/blockquote>\n<p>I am copying this section for later discussions regarding security in OpenSource CMS. You can&#8217;t say it much more clearly and directly. <\/p>\n<p>The entire study can be <a title=\"BSI study on the security of OpenSource CMS\" href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Publikationen\/Studien\/CMS\/Studie_CMS.pdf?__blob=publicationFile\" target=\"_blank\" rel=\"noopener noreferrer\">downloaded here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the last few days, the German Federal Office for Information Security has published a study on the security of open source CMS. There has been a lot of discussion and tweeting about it. 
The study was written by people from ]init[, an agency that works not exclusively but primarily for companies close to the&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kadence_starter_templates_imported_post":false,"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","mc4wp_mailchimp_campaign":[],"footnotes":""},"categories":[58],"tags":[],"class_list":["post-5246","post","type-post","status-publish","format-standard","hentry","category-technology"],"taxonomy_info":{"category":[{"value":58,"label":"Technology"}]},"featured_image_src_large":false,"author_info":{"display_name":"Alain 
Veuve","author_link":"https:\/\/www.alainveuve.ch\/en\/author\/veuvea\/"},"comment_info":0,"category_info":[{"term_id":58,"name":"Technology","slug":"technology","term_group":0,"term_taxonomy_id":58,"taxonomy":"category","description":"","parent":0,"count":123,"filter":"raw","cat_ID":58,"category_count":123,"category_description":"","cat_name":"Technology","category_nicename":"technology","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/posts\/5246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/comments?post=5246"}],"version-history":[{"count":0,"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/posts\/5246\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/media?parent=5246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/categories?post=5246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.alainveuve.ch\/en\/wp-json\/wp\/v2\/tags?post=5246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}