[Mageia-dev] A comparison of forum software from a security POV
Tux99
tux99-mga at uridium.org
Mon Sep 27 08:19:03 CEST 2010
I did a quick comparison of the most common forum software packages
(both commercial and FOSS) from a vulnerability point of view.

I have been subscribed to the well-known (every sysadmin that takes his/her
job seriously is subscribed to it) weekly SANS "@RISK: The Consensus
Security Alert" newsletter since 2000, so I have an mbox archive file
that contains almost 11 years' worth of weekly alerts of software
vulnerabilities.

A quick and easy way that I have used before to assess the vulnerability
of any software is to do a simple grep of the software name in this mbox
file and count the times that software gets mentioned. While this is not
100% scientific, it gives a good approximation of the number of
vulnerabilities a particular software has suffered from.

Here are the results, from most vulnerable to least:
grep -i phpbb sans-security_alert|wc -l
723
grep -i vbulletin sans-security_alert|wc -l
256
grep -i "Invision power board" sans-security_alert|wc -l
238
grep -i mybb sans-security_alert|wc -l
176
grep -i "Simple Machines Forum" sans-security_alert|wc -l
58
grep -i fudforum sans-security_alert|wc -l
7
All I can say is that I'm surprised that the official Mandriva forum (which
uses phpBB) is still standing... :-)
And this confirms another thing: FUDforum is really a hidden gem.
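
The counting procedure from the post above, as an added example that is not part of the original message: a shell function that reports, for a given name, both the matching-line count that `grep -i NAME file | wc -l` gives and the number of distinct mbox messages (weekly issues) that contain a match. The product names and the sample mbox are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The mbox below is constructed sample data, not SANS @RISK content.
make_sample_mbox() {
    cat <<'EOF'
From alerts@example.org Mon Jan  4 00:00:00 2010
Subject: Weekly alert 1 (constructed)

(1) ExampleForum SQL injection
ExampleForum versions before 1.2 are affected.
(2) OtherBoard cross-site scripting

From alerts@example.org Mon Jan 11 00:00:00 2010
Subject: Weekly alert 2 (constructed)

(1) OtherBoard file inclusion

From alerts@example.org Mon Jan 18 00:00:00 2010
Subject: Weekly alert 3 (constructed)

(1) exampleforum cross-site scripting
EOF
}

# count_mentions NAME MBOX
# Prints "<lines> <messages>": case-insensitive fixed-string matches per line
# (what grep -i | wc -l counts) and per mbox message.
count_mentions() {
    awk -v name="$1" '
        BEGIN { name = tolower(name) }
        # A line starting with "From " opens a new message in mbox format
        # (body lines that start that way are stored escaped as ">From ").
        /^From / { if (hit) msgs++; hit = 0 }
        index(tolower($0), name) { lines++; hit = 1 }
        END { if (hit) msgs++; printf "%d %d\n", lines, msgs }
    ' "$2"
}

# Demo run over the constructed sample.
sample=$(mktemp)
make_sample_mbox > "$sample"
for name in ExampleForum OtherBoard; do
    echo "$name: $(count_mentions "$name" "$sample") (lines messages)"
done
rm -f "$sample"
```
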