web 2.0

The case for a boxed CMS: Security

Tim Wilson, the site editor for Dark Reading, recently posted an article about a recent attack on the AARP.org website. In the colorfully titled article, "Porn Operators Hijack Pages on AARP Website", Wilson interviews Jeremy Yoder of MX Logic about why AARP.org's site was vulnerable. In brief, the explanation given is that the site deployed a number of Web 2.0 features, including user profile submissions, from which the site didn't properly filter out JavaScript redirect code. Yoder then explains that the site's security, or lack of security, was due to its use of a custom or in-house built content management system.

The AARP site is particularly susceptible to this sort of multi-pronged attack because it appears to be driven by a home-grown content management system, Yoder says. "It appears to be a custom system that's missing some baseline-level security capabilities. This site is accepting JavaScript code submissions, which are something that most off-the-shelf content management systems would have no trouble blocking."

AARP may have fallen into the trap that snares many sites when they seek to add Web 2.0-type capabilities, Yoder explains. "They choose their content management system based on its features, without giving much thought to its security capabilities," he says. "That can be a big mistake, especially if you are a site with a lot of visibility that might make a good target, like AARP."

Organizations that seek to build collaborative capabilities into their Websites should consider using systems that have been vetted by others, rather than a custom system, Yoder advises. "An open source solution has the benefit of a community behind it," he says. "WordPress has absorbed a lot of attacks, but now it's a lot stronger because of it."

This article brings back a lot of memories of past discussions we have had here at CMS Report. A couple of years ago, I posted an article that focused on a SitePoint article titled "I Have Never Met a Boxed CMS I Like". The SitePoint article argued that a custom CMS would be a better option because boxed CMS, whether open source or proprietary, are too generic to be of value. I argued that boxed systems cost less in both money and time, yet offered you more features than a custom CMS could provide. After my post, a number of people commented for and against boxed systems. Ironically, no one really talked about whether custom or in-house CMS were less or more secure than boxed systems.

In the world of IT, two years can make quite a difference. It was not long ago that most Web applications would promote their security as an added feature of their product. However, I think as time has moved on we realize that a secure site is not a feature of a CMS, but a basic requirement of the application. In this respect, I can't help but think Yoder is correct that a boxed CMS, whether open source or, I'll argue, a well-supported proprietary package, is likely to be more secure than a custom CMS. I think Sepeck's comment still holds true as to why an "out of the box" CMS is the way to go.

If you want to 'write your own' then you are going to want to be locking your customer into you as a solution. I have met more developers convinced that they knew more than 'those other guys' about 'everything important' that end up leaving the customer with a virtually unsupportable system or so completely reliant on them, that when they leave, the customer has to spend as much or more on fixing or upgrading their sites later.

The 'out of the box' systems exist to fill a need because no one person (or small team for that matter) can be an expert on everything (web, rss, mail, design, information architecture). No one person should be able to lock a customer into them as a solution. That doesn't build a healthy eco-system for their customers or themselves.

The more eyes you have on the code behind the CMS, the more likely it is that someone will catch a potential security vulnerability. When someone does find a way to hack into your system, the more hands you have working on the code, the quicker the issue will likely be resolved with a security patch. It isn't always true that boxed systems are more secure than a custom in-house CMS, but I'll argue that the odds are in favor of the boxed CMS.

More...are they blogging applications or CMS?

A few weeks ago, I mentioned that WordPress 2.6 is more than a blog and is quickly evolving into a full-fledged Web content management system. While they're a little late, some of my competitors (CMS Watch, InformationWeek) also recently noted the trend of blogging applications such as WordPress taking on more CMS-like duties.

I wish I would have expanded on my own thoughts about blogging tools continuing to add more CMS functions into their software.  However, I'm not so sure I could have written it better than Irina Guseva's post at CMS Wire.  She takes the story even further by asking whether the trend from blog to CMS is a good thing or not.

Edicy.com, new CMS by some of the founders of Skype about to launch

Last week Edicy.com revealed a new website in preparation for the launch of the public beta of their new online CMS. Edicy is a Fraktal product, a small startup based in Tartu, Estonia that was founded by Tõnu Runnel and Priit Haamer, top-level web experts, plus Toivo Annus and Märt Kelder, some of the key figures at the founding of Skype. Edicy is currently in private beta and accepting new users to test out its system.

 

Corporate IT Can Learn a Lot From Web 2.0 Coders

ComputerWorld: Corporate developers should take a cue from Web 2.0 companies by making users a key partner in software development processes.

Complete Story

Your Budget Could Hang on Your Wiki

Internet Evolution: "The IBM Data Governance Council sent out a press release this week predicting that within the next four years, data will become an asset that is reported on the balance sheet of corporations, and that data governance will become a statutory requirement.

This trend could bring a new emphasis on data quality and potentially increase corporate use of social networking as a means of improving that quality."

Complete Story

Newton: How Web 2.0 will change the face of business

John Newton of Alfresco posted a well-written article on the business changes Web 2.0 will continue to bring to the enterprise. I especially liked not only what he had to say about the strength of social publishing tools for knowledge sharing within a company, but also Web 2.0's strength in blending required knowledge available both inside and outside the organization.

These web sites will set further expectations on the internal systems you use and a requirement to integrate internal information with these external sources of information. Web 2.0 has an answer for this as well with an integration technique known as "mash up", the ability to mix information from multiple sources using the web browser itself as the point of integration. These external sources of information also provide something that our internal information systems could never provide, a critical mass of opinion utilizing the Wisdom of the Crowds. We will ultimately need to combine external opinion with our internal opinion to get more accurate predictive decision making with our own unique insights inside the enterprise.

When I read what John has written, I can't help but think of our previous discussions on the strength of weak ties. Companies that are willing to seek out knowledge both inside and outside their control boundaries are likely to have a greater business advantage over those companies that prevent their workers from taking the discussion beyond the office walls. What a boring life it would be to be able to talk only to colleagues who wear the same company logo you are wearing. Companies need to accept the changes that are about to take place, as their youngest workers will likely want and need to collaborate with more than just their fellow employees. The world via social publishing offers their workers more than what most single companies can provide alone.

Bitrix Site Manager 7.0: A Web 2.0 Content Management System

Alexandria, VA - June 30, 2008 - Bitrix, Inc. is happy to announce the newest release of the world class CMS Bitrix Site Manager 7.0. Bitrix Site Manager is a Web Content Management System (CMS) that provides cost-effective solutions that meet the full promise of Web 2.0 Content Management Systems. CMS Bitrix Site Manager 7.0 is a multilingual platform that is simple for content owners to use and enables developers to build advanced Web sites that are stable and secure.

"Bitrix Site Manager 7.0 unleashes the full promise of CMS for a world-wide audience," said Sergey Rizhikov, CEO of Bitrix, Inc. "We are especially excited by the UTF-8 support. It is a great new feature allowing multilingual Internet projects. Our partners who work in Arabic, Chinese, Japanese and Vietnamese among others will do well by offering this functionality in their local markets."

Bitrix Site Manager 7.0 also unleashes the full promise of Web 2.0 Content Management Systems for worldwide audiences by empowering content owners to access well-designed site wizards and templates, add content on the fly, upload graphic images, build blogs, and collaborate. The ability to add new content is critical to boost search engine rankings and build conversations with web audiences.

Bitrix Site Manager 7.0 offers a host of new capabilities.

State, local governments slow to tackle Web 2.0

ComputerWorld: "Web 2.0 tools could significantly improve state and local government communications with constituents, as well as aid in recruiting top college graduates for IT positions, according to speakers and users at the Pennsylvania Digital Government Summit here last week.

However, speakers also warned that local and state government officials would have to move slowly, since they face perpetual IT funding and manpower constraints."

Complete Story
