[Mageia-dev] A comparison of forum software from a security POV

Tux99 tux99-mga at uridium.org
Mon Sep 27 08:19:03 CEST 2010

I did a quick comparison of the most common forum software packages 
(both commercial and FOSS) from a vulnerability point of view.

I have been subscribed to the well-known (every sysadmin that takes his/her job 
seriously is subscribed to it) weekly SANS "@RISK: The Consensus 
Security Alert" newsletter since 2000, so I have an mbox archive file 
that contains almost 11 years' worth of weekly alerts of software 

A quick and easy way that I have used before to assess the vulnerability 
of any software is to do a simple grep of the software name in this mbox 
file and count the times that software gets mentioned. While this is not 
100% scientific, it gives a good approximation of the amount of 
vulnerabilities a particular software has suffered from.

Here are the results, from most vulnerable to least:

grep -i phpbb sans-security_alert|wc -l
grep -i vbulletin sans-security_alert|wc -l
grep -i "Invision power board" sans-security_alert|wc -l
grep -i mybb sans-security_alert|wc -l
grep -i "Simple Machines Forum" sans-security_alert|wc -l
grep -i fudforum sans-security_alert|wc -l

All I can say, I'm surprised that the official Mandriva forum (which 
uses phpBB) is still standing... :-)

And this confirms another thing: FUDforum is really a hidden gem.
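
An added example, not part of the original post: the same case-insensitive search, but reporting how many separate messages in the mbox mention a name alongside the matching-line count that `grep | wc -l` gives. It assumes a standard mbox with `From ` separator lines; the sample archive and the product names ForumAlpha and ForumBeta are constructed.

```shell
#!/bin/sh
# count_mentions MBOX NAME
# Prints "<messages> <lines>": the number of mbox messages containing NAME
# and the number of matching lines (the figure grep -i NAME | wc -l gives,
# minus any hits on the "From " separator lines themselves).
count_mentions() {
    awk -v name="$2" '
        BEGIN { name = tolower(name) }
        # A line starting with "From " opens a new message (assumption:
        # body lines starting with "From " are escaped, as mbox writers do).
        /^From / { if (hit) msgs++; hit = 0; next }
        # Case-insensitive substring match, like grep -i with a fixed string.
        index(tolower($0), name) { lines++; hit = 1 }
        END { if (hit) msgs++; printf "%d %d\n", msgs, lines }
    ' "$1"
}

# Constructed sample archive: two weekly messages, placeholder product names.
make_sample() {
    cat > "$1" <<'EOF'
From alerts@example.org Mon Jan  4 10:00:00 2010
Subject: Weekly alert 1 (constructed)

ForumAlpha: placeholder entry one
ForumAlpha: placeholder entry two
ForumBeta: placeholder entry

From alerts@example.org Mon Jan 11 10:00:00 2010
Subject: Weekly alert 2 (constructed)

ForumAlpha: placeholder entry three
EOF
}

sample=$(mktemp)
make_sample "$sample"
for n in ForumAlpha ForumBeta; do
    printf '%s: %s\n' "$n" "$(count_mentions "$sample" "$n")"
done
rm -f "$sample"
```

A name that appears on several lines of one weekly issue raises the line count but not the message count, so the two numbers together show how much of a total comes from repetition inside a single alert.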
