Open source vulnerabilities will hamper the next generation of the web
As the internet continues to evolve, a silent menace lurks in its corners, threatening to undo progress and emerging innovations such as the metaverse and Web 3.0. The internet teeters on the brink of collapse, driven to the edge by open source vulnerabilities, layers of siloed web management systems, and inadequate website governance.
If you think this is hyperbole, think again. At Forrit, a next-generation, global content management system (CMS) provider, we have surveyed over 500 tech and marketing business decision-makers to understand the threats to the evolution of the internet. We found that 89% of respondents are optimistic that Web 3.0 and the metaverse have the potential to revolutionise the way we interact with the web. Yet a staggering 87% believe the current state of the internet will stunt these innovations.
The main driver of these concerns lies in the tools brands use to build their online presence: the Content Management System (CMS). The report uncovered that even some of the most heavily regulated industries rely on highly vulnerable and unscalable CMSs. The identified issues included open source vulnerabilities and multiple legacy or siloed layers of these web management platforms.
The Forrit survey found that over half of the respondents (57%) say they have website security flaws. This can have a serious impact on brand loyalty. Over 4 in 5 (84%) admitted that customers would lose trust in the brand if they discovered these security flaws.
These serious challenges can lead to increased platform outages, exposed security vulnerabilities with potentially devastating consequences, and a web that becomes practically unusable. At Forrit, we have termed this grim future of the internet Web O.No. Widespread adoption of Web 3.0, the metaverse, and the aspirational innovations pegged for the future remains in limbo until we can streamline business web assets and steer clear of Web O.No.
Growing open source vulnerabilities
Despite the security risks, it's easy to see why open source CMSs have become the de facto standard. By design, open source licences encourage collaboration and knowledge sharing. Open source fosters collective innovation and creativity by granting individuals the freedom to modify source code and integrate those changes into their projects. The very thing that draws businesses to open source web platforms is also its biggest weakness. Bad actors have found open source projects an easy target because of the nature of open source's community-led approach. Created by multiple unknown third-party developers using shared source code, plug-ins create vulnerabilities and leave brands open to hackers. Hackers can easily edit and corrupt the CMS plug-ins that open-source solutions rely on, infiltrating widely used projects and solutions to gain access to enterprise organisations.
There are numerous reports on the scale of open source vulnerabilities present in the wild today, and they give C-suite executives sleepless nights. The recently identified malicious backdoor in the widely used XZ open source library, potentially in millions of devices, is just one example of the scale of the issue. Needless to say, the consequences can be catastrophic to businesses.
Getting lost in the multiple siloed CMS legacy
Another contributing factor to website security vulnerabilities is the widespread practice of using multiple CMSs simultaneously. Our research indicates that a staggering 88% of enterprises manage more than one CMS. Operating across multiple CMSs leads to a proliferation of operators and providers and, consequently, multiple points of weakness in the architecture.
Relying on multiple CMS or legacy systems makes the web's governance a challenge. With CMS sprawl, it becomes harder to ensure compliance and maintain the regulatory standards required to protect customer data and ensure information security across many platforms. Our research further highlights this concern; just over one in three (34%) say that managing multiple content management platforms means they don't have control of the content on their sites. Nearly half (47%) are unsure of how many people have access to the site and/or who has the ability to upload content. Equally, almost the same number of experts (48%) are unable to account for every web page and, therefore, the breadth of the content across their websites.
Furthermore, organisations risk outages, dysfunctional interfaces, and hazardous content hidden within neglected pages of reputable websites when operating multiple website management systems. Shockingly, 44% admitted they don't have control of the website content as a direct result of this practice.
What's the solution?
Avoiding open source CMS platforms and consolidating to one composable CMS is essential for businesses to regain control of their websites and ensure the security of their online presence. Additionally, 89% of respondents believe that adopting composable architecture will empower companies to future-proof their digital estate. Unlike traditional non-composable CMSs, which often lock businesses into rigid structures, composable platforms offer flexibility and adaptability. With modular components, organisations can easily adjust their digital infrastructure to meet evolving needs without the risk of outages. Closed-source composable CMSs enable enterprises to enjoy the benefits of agility and innovation that draw many to open-source solutions, without compromising on data integrity and confidentiality.
Looking ahead
Our study tells us that there is much to be optimistic about regarding the future of the internet and the new technologies that will power it. However, many of the innovations that could transform business will remain out of reach until we address the chaos of our current internet. Insecure, fragmented and sprawling CMSs are exposing businesses to major security flaws. Forget Web 3.0: if we don't act now, we're heading for Web O.No.