blob: 62fb0508fab981456118b94147872b4b1da7106e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] A comparison of forum software from a security POV
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20A%20comparison%20of%20forum%20software%20from%20a%20security%20POV&In-Reply-To=%3CPine.LNX.4.44.1009270806570.21433-100000%40outpost-priv%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000293.html">
<LINK REL="Next" HREF="000284.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] A comparison of forum software from a security POV</H1>
<B>Tux99</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20A%20comparison%20of%20forum%20software%20from%20a%20security%20POV&In-Reply-To=%3CPine.LNX.4.44.1009270806570.21433-100000%40outpost-priv%3E"
TITLE="[Mageia-dev] A comparison of forum software from a security POV">tux99-mga at uridium.org
</A><BR>
<I>Mon Sep 27 08:19:03 CEST 2010</I>
<P><UL>
<LI>Previous message: <A HREF="000293.html">[Mageia-dev] Will this work for a build system?
</A></li>
<LI>Next message: <A HREF="000284.html">[Mageia-dev] A comparison of forum software from a security POV
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#283">[ date ]</a>
<a href="thread.html#283">[ thread ]</a>
<a href="subject.html#283">[ subject ]</a>
<a href="author.html#283">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>
I did a quick comparison of the most common forum software packages
(both commercial and FOSS) from a vulnerability point of view.
I'm subscribed to the well known (every sysadmin that takes his/her job
seriously is subscribed to it) weekly SANS "@RISK: The Consensus
Security Alert" newsletter since 2000, so I have an mbox archive file
that contains almost 11 years worth of weekly alerts of software
vulnerabilities.
A quick an easy way that I have used before to assess the vulnerability
of any software is to do a simple grep of the software name in this mbox
file and count the times that software gets mentioned. While this is not
100% scientific it gives a good approximation of the amount of
vulnerabilities a particular software has suffered from.
Here are the results, from most vulnerable to least:
grep -i phpbb sans-security_alert|wc -l
723
grep -i vbulletin sans-security_alert|wc -l
256
grep -i "Invision power board" sans-security_alert|wc -l
238
grep -i mybb sans-security_alert|wc -l
176
grep -i "Simple Machines Forum" sans-security_alert|wc -l
58
grep -i fudforum sans-security_alert|wc -l
7
All I can say, I'm surprised that the official Mandriva forum (which
uses phpBB) is still standing... :-)
And this confirms another thing: FUDforum is really a hidden gem.
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000293.html">[Mageia-dev] Will this work for a build system?
</A></li>
<LI>Next message: <A HREF="000284.html">[Mageia-dev] A comparison of forum software from a security POV
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#283">[ date ]</a>
<a href="thread.html#283">[ thread ]</a>
<a href="subject.html#283">[ subject ]</a>
<a href="author.html#283">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
