With the polls closing in ten days for some of the best open source CMS out there, if you haven't voted already, you need to head over to Packt Publishing and let your voice be heard.  There are five finalists for differing categories to choose from.  Voting for the winners in each of the categories opened September 1 and ends on October 20, 2008.  This "public vote" will then be combined with votes by a panel of judges for the top three CMS in each category will then be voted for by a panel of judges.

This year, I'll be on the panel of judges for the Most Promising Open Source CMS.  The five fanalists in this category are:  CMS Made Simple, ImpressCMS, MemHT, MiaCMS, and SilverStripe.  I'm hoping to submit my choices for most promising CMS early next week.  This is going to be a tough choice for me as I have found myself impressed with each of the open source projects.  Many of these newer crops of CMS already have their eye on the ball by making sure they're ready to be used globally (multi-language capable, right to left text, etc).  Some of the older more established CMS still struggle to this day to make this happen in their projects.  

Some great discussion over at JoomlaTools about when the end of the life cycle should be for Joomla 1.0.

• Joomla 1.0 end of life
• More about Joomla 1.0 end of life 

There it was in front of my eyes.  The headline in osCommerce's forum read, "Is OsC Dead?, Discussion of the Progress of OsC".  Despite how some may read the title, the thread isn't about bashing osCommerce.  Instead, it is about users and community members concerned and even fearful of the slow pace of new development for osCommerce.  Despite all the talk about osCommerce 3.0, it has been a year and a half since OsC 3 Alpha 4 was released with the roadmap showing that Alpha 5 and 6 are still under development.  How can one not ask if the future of osCommerce is in jeopardy?

As mentioned at the osCommerce forum, Kerry Watson also has an article out about the new breed of open source shopping carts.  The article starts off with a that was then, this is now statement regarding shopping carts.

While the Big Three of the old guard — osCommerce, Zen Cart, and CRE Loaded — continue to duke it out among themselves, new-generation open source commerce projects have begun to spring up with new ideas and new ways of thinking. Most noteworthy of the new crop are France-based Prestashop and US-based programs Ubercart and Magento.

These fresh Web 2.0-style carts are mature and production-ready contenders, and all are at or beyond version 1.0 in their production cycle. These carts are equal or superior to many commercial e-commerce programs, and are available for free under the GNU or OSL 3.0 Public License. We've previously reviewed Magento, so this column will focus on the other two next-generation carts: PrestaShop and Ubercart.

Personally, I've been working on recommending a friend to upgrade his osCommerce site to either Magento or Drupal's Ubercart.  Even when the 3.0 version of osCommerce is released, it will likely still not have many of the Web 2.0 features that the new breed of shopping carts currently have now.  It's not that I think osCommerce is dead, but I do think that osCommerce has stopped evolving.  Good open source projects never die, they just fade away.

Packt is pleased to announce a new book that teaches users to create and modify themes for Drupal websites. Written by prominent Open Source and Content Management expert Ric Shreves, Drupal 6 Themes helps users create a striking new look for their Drupal websites with clean layout and powerful CSS styling.

Drupal is a free Open Source modular framework and Content Management System (CMS). Drupal is extremely scalable, making it ideal for both a simple personal website as well as an industrial strength commercial or institutional web presence. Written in the programming language PHP/MySQL, its power and flexibility combined with its exceptional design means it is one of the most popular choices for creating a CMS website.

Tim Wilson, the site editor for Dark Reading, recently posted an article about recent at the AARP.org website.  In the colorfully titled article, "Porn Operators Hijack Pages on AARP Website", Wilson interviews Jeremy Yoder of MX Logic about why AARP.org's site was vulnerable.  In brief, the explanation given is that the site deployed a number of Web 2.0 features including user profile submissions which the site didn't properly filter out JavaScript redirected code.  Yoder than explains that the site's security or lack of security was due to it using a custom or in-house built content management system.

The AARP site is particularly susceptible to this sort of multi-pronged attack because it appears to be driven by a home-grown content management system, Yoder says. "It appears to be a custom system that's missing some baseline-level security capabilities. This site is accepting JavaScript code submissions, which are something that most off-the-shelf content management systems would have no trouble blocking."

AARP may have fallen into the trap that snares many sites when they seek to add Web 2.0-type capabilities, Yoder explains. "They choose their content management system based on its features, without giving much thought to its security capabilities," he says. "That can be a big mistake, especially if you are a site with a lot of visibility that might make a good target, like AARP."

Organizations that seek to build collaborative capabilities into their Websites should consider using systems that have been vetted by others, rather than a custom system, Yoder advises. "An open source solution has the benefit of a community behind it," he says. "WordPress has absorbed a lot of attacks, but now it's a lot stronger because of it."

This article brings back a lot of memories on past discussions we have had here at CMS Report.  A couple years ago, I posted an article that focued on a SitePoint article titled, I Have Never Met a Boxed CMS I Like.  The SitePoint article argued that a custom CMS would be a better option due to the fact that boxed CMS, whether open source or propriety, are too generic to be of value.  I argued that boxed systems cost less in both money and time, yet offered you more features than a custom CMS could provide.  After my post, a number of people commented for and against boxed systems.  Ironically, no one really talked about whether custom or in-house CMS were less or more secure than boxed systems.

In the world of IT, two years can make quite a difference.  It was not long ago that most Web applications would promote their security as an added feature to their product.  However, I think as time has moved on we realize that a secure site is not a feature of a CMS, but a basic requirement of the application.  In this respect, I can't help but think Yoder is correct that boxed CMS, whether open source or I'll argue a well-supported propriety package, is likely to be more secure than a custom CMS.  I think Sepeck's comment still holds true to why an "out of the box" CMS is the way to go.

If you want to 'write your own' then you are going to want to be locking your customer into you as a solution. I have met more developers convinced that they knew more then 'those other guys' about 'everything important' that end up leaving the customer with a virtually unsupportable system or so completely reliant on them, that when they leave, the customer has to spend as much or more on fixing or upgrading their sites later.

The 'out of the box' systems exist to fill a need because no one person (or small team for that matter) can be an expert on everything (web, rss, mail, design, information architecture). No one person should be able to lock a customer into them as a solution. That doesn't build a healthy eco-system for their customers or themselves.

The more eyes you have on the code behind the CMS, the more likely there is for someone to catch a potential security vulnerability.  When someone does find a way to hack into your system, the more hands you have working on the code the quicker the issue will likely be resolved to provide a security patch.  It isn't always true that boxed systems are more secure than a custom in-house CMS, but I'll argue that the odds are in the favor of the boxed CMS.

Tavis sent an email to CMSReport.com asking me to take a look at WebGUI.  WebGUI is an open source content management system licensed under the GPL v2.

Hello, I wanted to send a quick note and see what it would take to setup a new CMS Focus category for WebGUI. (www.webgui.org) The community is extremely active and there is definitely plenty of buzz about new releases, the community, and the organizations who decide to adopt it.

WebGUI also powers cmsmatrix.org...

Thanks!

Tavis 

Let me first admit the obvious.  Up to this point, WebGUI has been offf my personal radar.  Taking a look at WebGUI's site, listed features, and community...I may need to correct the oversight.

A new version of my favorite shopping cart has been released.  Magento, an open source ecommerce platform, is now available under version 1.1.5.

This version includes many bug fixes for Magento 1.1.x that are listed in the release notes section.

This version also comes with new features:

• New category management tool that will allow store owners to manage a large number of categories, which can be tested on our demo admin site.
• New skin to the Magento Default theme which can be seen here

More information can be found at: http://www.magentocommerce.com/blog/mage...

I was a huge fan of Amy Stephen's Open Source Community.  The site's mission was built on a desire to be a "place for those of us interested in open source solutions and community issues".  OSC shared a similar goal of mine in which I have a strong desire to bring people together from competing Web CMS projects, products, and organizations and compare perspectives (though I have interest in propriety systems as well as open source).  Unfortunately OSC went offline last April with only a promise to be back up sometime in the future.

I will be taking the site down sometime tomorrow evening and will likely be down for awhile. It could be a week - maybe two, but one day, it'll be back! Thanks!

Recent discussion here at CMSReport.com brought the whereabouts of OSC back into question.  I personally don't know when OSC will ever be back online.  However, I think perhaps the better question might be, if you liked OSC.org what other sites should be considered?  That is a very hard question to answer.