We fully understand and expect that security ranks high on the list of website requirements for our clients. One of the strongest reasons for Webonobo's exclusive use of Plone software is its nearly impenetrable security features. That being said, Plone's overview* on this topic states that "security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews."
Though difficult to quantify, one useful measure of a software's security is the number of common vulnerabilities and exposures (CVEs) that occur in a given period. As the following figures demonstrate, the Plone/Zope/Python stack clearly outperforms other CMS platforms:
|Total On Record
||Last 3 Years
|CVE Entries containing Plone:||13||9|
|CVE Entries containing Zope:||27||9|
|CVE Entries containing Python:||111||65|
|CVE Entries containing Drupal||371||269|
|CVE Entries containing Joomla:||653||441|
|CVE Entries containing MySQL:||282||84|
|CVE Entries containing Postgre:||82||22|
|CVE Entries containing PHP:||18,859||5,813|
|CVE Entries containing Perl:||3,835||1,780
The figures presented represent the total number of occurrences of the term searched, with the numbers in parenthesis representing the number of occurrences in the past 3 years. Extracted from the National Vulnerability Database, March 30, 2011.
With such an impressive track record, we are completely confident in Plone's ability to provide your site with the highest level of security available.
*excerpt from http://plone.org/products/plone/security/overview