Most secure open source CMS
Plone has proven to be secure before and updated statistics from the CVE database show that Plone is still the most secure CMS. Bellow we see the last five years of statistics and I let them speak for themselves.
CMS vulnerabilities
| CMS | 2006 | 2007 | 2008 | 2009 | 2010 | |
|---|---|---|---|---|---|---|
| Drupal | 39 | 37 | 107 | 126 | 44 | |
| Joomla | 72 | 66 | 66 | 76 | 95 | |
| Plone | 3 | 1 | 6 | 1 | 1 | |
| Wordpress | 18 | 63 | 66 | 27 | 13 |
Plone vulnerability process
Plone is secure but still it has not managed to have zero security issues one year and probably nobody will manage that but there is a big difference on how to handle the found vulnerabilities. Today was the big patch Tuesday or ploneaggedon like some called it on twitter. Even with vulnerability like this Plone shows that is is mature and has a process for handling them. The security team announced the upcoming patch one week in advanced before the patch and details were made public. This gave all the Plone companies possibility to plan upgrade and downtime for their customers. Great work security team and sweet dreams.