Why Drupal is Secure
Today, millions of websites have been built using Drupal and this number is increasing day by day. One of the most important features that distinguish Drupal from other content management systems is that it is not only a CMS (Content Management System) but also a powerful framework. With Drupal, it is possible to create very complex web applications as well as flat websites. Another feature that makes Drupal powerful is its active developer community. Drupal, an open source content management platform, was first developed by Dries Buytaert, but later thousands of Drupal volunteers joined the project. Drupal is also actively supported by many Drupal service providers in Europe and America. These are not the only reasons that make Drupal powerful, besides all these, Drupal is much more secure compared to other CMS's.
So why is Drupal secure? Drupal has an elected security team (Drupal Security Team) that is responsible for coordinating and fixing all security vulnerabilities and sharing them with the community.
As shown in the graphic above, the vulnerability is reported to the Drupal security team by end users or someone in the security team. The reported vulnerability is analysed by the security team, it is determined what it affects, and if there really is such a vulnerability, it is reported to the team developing the module. After this vulnerability is reported, the entire process proceeds confidentially and the vulnerability is reported to the module developer who developed the relevant module. The person or team developing the module closes the vulnerability in coordination with the Drupal security team, and if necessary, the Drupal security team provides support on how to close the vulnerability. The updated project is reviewed again by the security team and if the update is approved, the relevant project is updated on drupal.org and the vulnerability is shared with the entire community. Finally, the relevant project is updated by webmasters on their websites. The functioning of the Drupal security team can be briefly summarised in this way.
So who determines this team? Every year the Drupal Association holds elections among its members for various management positions, and the security team is also determined during this election. The security team has a structure as follows;
- Security Team Lead (1)
- Security Team Coordinators (3)
- Weekly Security Team Responders
Obviously, it is not only the presence of a security team that makes Drupal secure, but also thousands of Drupal volunteers make Drupal more secure due to the philosophy of free software. Imagine, the code written by a programmer is read and analysed by thousands of other programmers... When this is the case, we can say that Drupal is much more secure than closed software such as other free software.
However, it is of course not possible to say that all free software is secure, for example, if you use Joomla, you are likely to encounter many more security vulnerabilities and your sites can be hacked. Another reason that makes Drupal secure is the architecture of the software itself, so Drupal is more secure than other systems due to its structure.
Son olarak aşağıdaki kaynakları takip etmenizi tavsiye ederiz;
