Originally posted on silverstripe.org
Silverstripe CMS supports developers in secure coding practices and website owners in running secure websites and applications. A big part of this is rigour around security releases of our supported modules and communicating the impact of any vulnerabilities found there (see last year’s blog post: A better security classification for supported modules). But any website using our CMS will also pull in community modules, other dependencies not managed by us, and dependencies which aren’t even in the PHP ecosystem. These are not covered by our releases or announcements, so what are your options to keep your sites secure across all of this?