Article written by Sean Michael Kerner, originally posted on eSecurityPlanet.com
HP has found that 70 percent of the applications it is engaged to scan have some form of security vulnerability. Of those, 50 percent have what HP has identified as serious issues that could expose organizations to risk.
HP gave particular focus to content management systems (CMS) during 2010, which yielded some interesting results. According to HP, it’s not always the core CMS that is the root cause of vulnerability.
“A lot of the vulnerabilities in the Content Management Systems have shifted away from the core applications themselves and have shifted to the plugins in those applications,” Mike Dausin, manager of advanced security intelligence for HP DVLabs, told InternetNews.com. “This is actually an even broader security trend which we have also seen on the desktop.”
As a case in point, Dausin added that today it’s more likely that a researcher will find vulnerabilities in browser plug-ins than in the browser code. A recent survey from security vendor Qualys found that the Java browser plug-in is the most likely to be at risk.
Dausin noted that the three most popular open source content management systems, Joomla, Drupal and WordPress, each have their own reputation to protect and security to ensure. Plugin developers, on the other hand, don’t have as much at stake and may be more relaxed when it comes to enforcing security.
“WordPress these days has very few vulnerable installs that we could find versus Joomla where nearly all of them are vulnerable in one form or another,” Dausin said.