Are Open Source CMSes secure?

This is a question most people face when moving from traditional proprietary CMSes to Open Source CMSes. With traditional proprietary CMSes you can usually pay for software maintenance, which insures you against the consequences of security flaws. In the Open Source CMS market, on the other hand, only vendors such as Alfresco and eZ publish provide vendor-based commercial software maintenance.

Lots of articles claim that Open Source software is more secure than proprietary software, based on the number of security flaws and community sizes. Inside Open Source communities there is a very strong notion that open source is secure. However, John Viega, in the article “Open Source Security: Still a Myth”, points out some important considerations:

“For most applications it does seem reasonable to expect that proprietary software will generally have fewer eyeballs trained on the source code. However, can the average developer who looks at open source software do a good job of finding security vulnerabilities? While I do believe the answer to this could someday be yes, the answer is not at all clear-cut right now.”
