Jumbo-core approach
This is another main approach for security management in Open Source CMSes. The Jumbo-core approach can be considered as the most secure way in order to keep control of the code, as well as the least secure since you will never have more functionalities activated than necessary.
Larger CMSes and ECMes have been developed based on Jumbo-core approach. All functionalities are located in the core of the application, while very special functionality like integration with other software are located in modules and extensions. Typically these types of systems have a slower evolution when it comes to new functionalities, but considered by many as more robust when the functionality first are launched. Critics of jumbo-core Open Source CMSes argue that this is the 20th century way to build software, but we still see new high-end Open Source
CMS projects like Alfresco that use a jumbo-core approach.
Positive reflections about the jumbo-core approach
A jumbo-core Open Source CMS gives the core developers (normally the best developers) a much better control and full overview of the Open Source CMS. Extensions tend to be developed under less organized routines, often a product of two developers weekend-job to solve a problem, whereas core functionality are usually subject for a more controlled QA procedure before launched.
Negative reflections about the jumbo-core approach
Looking trough the security announcements from jumbo-core Open Source CMS vendors give a clear picture of what the negative part of a jumbo-core approach is: You get affected by security bugs related to functionalities that you are actually not using in your Open Source CMS.