DEV Community

[Comment from a deleted post]
 
Scott Sawyer

When I started in web dev, I built my own framework that progressively became more sophisticated over time, but it wasn't a well-thought-out product. It worked well enough, but it was quickly overshadowed by the likes of WordPress and Drupal.

Unfortunately, after many years in service, one of my clients got hacked. I hadn't sanitized a file upload well enough, and the auth was too weak. I had already abandoned my custom framework by the time this happened.

With the big open source projects, you get the benefit of many eyes. Commercial projects (presumably) have security teams. I am curious, how do you plan to ensure your CMS remains secure, both from current and emerging threats?

 
Paul (hxii) Glushak

Even WordPress gets hacked, so the big project card doesn't fly here.

It's simple, really:
A. Use it (actually use it) yourself. If you make something but never use it, there's a disconnect which contributes to the problem.
B. Give a fuck. Found an issue? Fix it. Someone else found an issue? Merge the code.
C. Make it public.