Public administrations can turn to open source content management systems, concludes Germany's Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). In June it published a study looking at the safety of five of the most popular open source systems: Drupal, Plone, WordPress, Joomla and TYPO3. In terms of functionality and the resulting complexity, these CMSs are 'a good choice for a service provider'.
"All considered systems offer a wealth of features, enhancements and configuration levels."
The security of open source systems is evaluated positively, yet none of the CMSs should be run by inexperienced users, the report warns. There is a permanent rivalry between the security teams involved in the systems and others trying to exploit them. "The number and frequency of published vulnerabilities require about 15 minutes per CMS per day, to identify issues, make safeguards and apply patches."
Public administrations using these open source content management systems benefit from significantly more testing and a significantly lower risk of undiscovered vulnerabilities than they would with a specialized web application, according to the study.
One of the authors of the study, Małgorzata Mochól, a consultant for the German ICT service provider Init, earlier this month published a summary on the site of Kommune21, an IT news publication focussing on public administrations. The central finding of the study, she writes, is that all open source content management systems have an adequate level of security and a proven process to fix vulnerabilities.
The study considers the usefulness of the five CM systems for four use cases: a private event, the site of a small public administration, the web site of a small town and the sites of mid-sized companies with multiple locations. For each of these four scenarios, the authors conclude, these systems are useful.