The Real “Truth” About Open Source CMS


  • By Matt Sullivan
  • Published: August 09, 2013
  • 2 Comments

So many years in my formative youth were spent looking at the blinking cursor of a command-line prompt as I learned computer programming. The languages varied: Pascal, C++, Lisp, PHP, etc. I quickly started carrying the flag of Open Source Software. I installed Linux on my computer; I thought Red Hat would overthrow Microsoft and that all software should be “free." Fast-forward ten years, and I’m writing about the benefits and advantages of proprietary software applications, especially for Content Management Solutions. Who would of thought?

A Drupal-support company recently published a blog post written by a member of their sales team, where he denounced his past life as a proprietary CMS salesman, and apologized for the “lies” he told when selling against Open Source. The funny part about the post is that his new found honesty doesn’t exactly tell the whole story. Since this post has been gaining traction, I wanted to respond.

(The Bold Text is from the original article, my response is in plain text.)

Lie: Open Source CMS solutions aren’t secure because their modules and contributions come from different organizations.

Truth: The fear of attacking the security of Open Source CMS is very popular in the commercial world because it can create a great deal of fear amongst organizations. The TRUTH is that most Open Source solutions have more stringent security guidelines than their commercial counterparts. Drupal,for example, has their own Security Team comprised of 40 individuals across three continents. Oh, and the LIE about anyone being able to contribute to Open Source? Not True – there is quite a process to go through to even just submit a project before it goes through peer review. For a thorough review of the security protocols with Drupal.

The Whole Story: Open Source CMS, like Drupal, go through a stringent process of code submission, peer review, and approval before even the smallest component is added or changed to the core functionality. While that is a true statement, the add-on modules that many sites require don’t go through that process. Anyone with basic PHP knowledge can write and share a Drupal module. In fact,a module was the root cause of Drupal.com being hacked in 2013.

Lie: Open Source CMS solutions don’t integrate well with other commercial products that round out the digital ecosystem.

Truth: This lie couldn’t be any more wrong. The strength of the large community based open source solution is that the community and modules evolve and grow to provide that community of users exactly what they need to succeed. In doing so, modules and tested integrations to the leading third party solutions are readily available when they are needed instead of being prioritized by a commercial product’s release road map. Take the story of Pinterest for example. In February of 2012, Pinterest hit 10 million unique visitors. In March of 2012 a Drupal module was created for website users to“pin” site images to Pinterest. Within one month, 15 sites went live with the integration and today that module has been downloaded more than 1,000 times.

The Whole Story: At the end of the day, integration between software systems depends on the level of access each provides through an API or web-service. Any two software platforms can be made to talk to each other with enough time and effort. Commercial CMS providers will often build connectors for out-of-the-box integration to streamline the process, as well as preserve the integration through the upgrade path. 

For instance -- self promotion alert!!! -- iAPPS 5.0 was released with native integration with Brightcove video hosting and Clay Tablet for translation services, and this is on-top of already existing integrations with Salesforce.com, Perceptive Search, UPS Global Logistics, and Cybersource.

Lie: Open Source CMS solutions are great for small projects or maybe non-mission critical sites, but don’t meet the standard for large enterprise organizations.

Truth: Some of the largest and most mission critical websites in the world are now being managed with Drupal. Just a query on a tool like builtwith.com will reveal sites like http://www.ge.com,http://www.grammy.com, http://www.examiner.com, and http://www.turner.com. We’ve known for a while that the White House has also been a strong proponent of Open Source CMS solutions as well. Oh, and just recently we learned that one of the largest websites in the world, Weather.com, is moving to Drupal.

The Whole Story: Big or small, organizations need to evaluate the best fit for their project. There are large organizations powered by Wordpress, and smaller companies that use Commercial CMS. It’s all about what solution is going to deliver a site that meets the company’s goals.

In the end, however, there is no one solution that is a perfect fit for every project, so your CMS short-list should consider many aspects all aspects: scalability,ease-of-use, support, functionality, and more. Also, it’s also about selecting the right team to implement the CMS and complete the project. Whether your project is executed in-house or by a development partner, everything should be about delivering your new site on-time, under budget, and to specification.

For the latest news and tips on Digital Marketing strategies, make sure to follow Bridgeline Digital on Twitter.

2 Responses to "The Real “Truth” About Open Source CMS"

    • Dave Scalera
    • August 10, 2013

    Matt, Thanks so much for continuing this conversation. In doing so, however, you seem to have further validated my claim. Your statement, "Anyone with basic PHP knowledge can write and share a Drupal module.", is simply not true. Start here and take a look at the process and see what it takes to be a first time Drupal contributor - https://drupal.org/node/7765. For more information on Drupal Security, go here - https://www.acquia.com/blog/keeping-drupal-secure. The Drupal Security team is 40 people strong - larger than the R&D teams of most proprietary software companies. Ben J. above already pointed out your discrepancy to the Security update in May. As impressive as your list of those six 3rd party integrations you mention your product has, the truth that I was trying to convey is the pure velocity and time to market that is experienced within the Open Source community. Commercial solutions are bound by their internal product development roadmaps (which have their place), but Open Source development moves at the speed of the web and the hundreds, if not thousands, of integrations that Drupal has is indicative of that. And finally, as much as I appreciate your CMS short-list checklist and link to your qualified partners, I don't think we disagree at all on organizations doing appropriate due diligence to find the best solution available for them - which sometimes might be Commercial, sometimes might be Open-Source. My point was only that Open-Source is completely viable option for Enterprise engagements. Best of luck to you with your product and solutions. -Dave

    • Ben J
    • August 09, 2013

    Your statement "In fact,a module was the root cause of Drupal.com being hacked in 2013." is not accurate. The drupal.org page on the incident (https://drupal.org/news/130529SecurityUpdate) says "Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself." The key point being it wasn't Drupal, core or modules. drupal.org doesn't just run the Drupal software.

Add a Comment

* Required

Note: Your comment must be approved before it will be displayed on this page.

Back to top

Stay Connected

  • LinkedIn
  • RSS Feed

Knowledge Center