There is almost nothing but positive things to talk about when speaking about pre-built, add-ons, extensions, frameworks relative to building a web application. Why reinvent the wheel when you can use proven parts?
However, when it comes to using tools such as:
… and even smaller plugins such as the famous (or infamous) FCKeditor (now called CKEditor…
There are major reasons why such software should be carefully updated and patched regularly. Why?
– Software contains inherent flaws that will be exposed over time. If software is not supported by a paid team or a large community, it will eventually be found to contain security vulnerabilities.
– All the above-mentioned products, while free to varying degrees, have had severe vulnerabilities. Joomla may be the worst culprit, but this is open to interpretation.
How to remediate potential risks?
1. Know what you have bought.
2. Know what you are using (open source or otherwise).
3. Review the code you have written.
4. Review the code that interacts with points #1 and #2. Ensure that this connecting code is up to date and secure.
5. Have a plan in place to regularly review the above items so that you stay ironclad against threats such as new ‘in-the-wild’ exploits and employee attrition (which leads to lost knowledge of your IT assets and general confusion).
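As an added example (not from the original post), the following script turns steps 1, 2 and 5 into a repeatable check: an inventory of bought, open-source and in-house components with their version, owner and last review date is audited against a table of latest supported versions. The component names, versions, owners and dates are all constructed sample data, and the 90-day review window is an assumed policy.

```python
from datetime import date

# Constructed sample inventory for the review plan above (steps 1, 2 and 5):
# where each component came from, the installed version, who is responsible,
# and when it was last reviewed. Names and versions are illustrative only.
INVENTORY = [
    {"name": "editor-plugin", "source": "open source", "version": "4.1.0",
     "owner": "alice", "last_review": date(2024, 1, 10)},
    {"name": "payment-widget", "source": "bought", "version": "2.3.1",
     "owner": None, "last_review": date(2023, 6, 1)},      # owner has left
    {"name": "in-house-glue", "source": "own code", "version": "1.0.0",
     "owner": "bob", "last_review": date(2024, 5, 2)},
]

# Constructed "latest supported version" table, as a patch tracker would hold.
LATEST = {"editor-plugin": "4.2.0", "payment-widget": "2.3.1"}

# Constructed date on which the audit is run.
REVIEW_DATE = date(2024, 6, 1)


def parse_version(v):
    """Turn '4.10.0' into (4, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def audit(inventory, latest, today, max_age_days=90):
    """Return {component: [findings]} for every component needing attention."""
    findings = {}
    for item in inventory:
        problems = []
        current = latest.get(item["name"])
        if item["source"] != "own code":          # third-party: check upstream version
            if current is None:
                problems.append("no upstream version known: check support status")
            elif parse_version(item["version"]) < parse_version(current):
                problems.append(f"outdated: {item['version']} < {current}")
        if not item["owner"]:                      # attrition: nobody is responsible
            problems.append("no owner: reassign after staff change")
        if (today - item["last_review"]).days > max_age_days:
            problems.append("review overdue")
        if problems:
            findings[item["name"]] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit(INVENTORY, LATEST, REVIEW_DATE).items():
        print(name, "->", "; ".join(problems))
```

Running it flags the outdated and overdue editor plugin and the ownerless, overdue bought widget, while the recently reviewed in-house code passes.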