The report has a top ten list of vendors with the most vulnerability disclosures. Can you guess which one of Drupal, Joomla or WordPress shows up on the list?
If you answered 'all of them', you were right on the money. Joomla is in the number two spot, while Drupal and WordPress are in 8th and 9th place on the list. Funny that all three of those use PHP, but I'm not saying it has anything to do with this (I'm thinking it, but I'm not saying it).
The reason Plone is not on this list? Well, for one thing, we may be flying below IBM's radar (the word Plone does not appear in this study at all), but I think Zope 2 is indeed more secure. Consider also that one of the most common types of attack according to the study is SQL injection, to which Plone is immune by virtue of not using a relational database at all.