Recently, I was contacted by the author of an incredibly detailed analysis of open source CMS security. As part of this breakdown, the analysis goes into detail about which systems have had the most vulnerabilities and the severity of them, coming up with a number of rather intriguing conclusions.
Take a look at this graph for instance:
As you can see, certain systems perform better than others and what I found especially interesting is that contrary to what you might hear on the ‘net, Joomla actually shows quite well from a security standpoint.
As part of the interpretation of this analysis, the author came to this conclusion:
You can read the report here: https://github.com/xeraa/cms-security/blob/master/README.md
I'd love to hear YOUR thoughts on this report, do you think the author is accurate or not? Do you have any suggestions for improving the gradings?