The internet is now at the mercy of open source vulnerabilities.

By By Gary Roberts, CRO, Forrit

The future of the Internet and new innovations, such as the metaverse and Web 3.0, is at a crossroads. The growing menace of vulnerabilities in open source platforms, siloed web management systems, and insufficient website oversight threaten to push the internet to breaking point.

At Forrit we conducted a comprehensive survey involving more than 500 key IT and marketing decision-makers to understand the challenges hindering the evolution of the internet. The results are worrying: While a majority (89%) of respondents expressed optimism regarding the transformative potential of Web 3.0 and the metaverse in reshaping how we interact online. However, a staggering 87% harbour concerns that the present condition of the internet will impede the realisation of these innovations.

What does this tell us? 

A significant source of concern arises from the technologies and CMS platforms employed by brands and businesses to build their digital real estate, such as websites and applications. We have found that even within heavily regulated industries, there is a reliance on CMSs that are highly susceptible to vulnerabilities and lack scalability. The issues are particularly acute with CMS solutions that rely on open source and organisations that have deployed multiple legacy or isolated layers within their web management platforms.

According to our survey, more than half of the respondents (57%) acknowledge the existence of security flaws on their websites. Such vulnerabilities can profoundly impact brand loyalty, as highlighted by over 4 in 5 (84%) who admitted that customers would lose trust in the brand if they discovered these security flaws.

These substantial challenges can result in heightened platform outages, the exposure of security vulnerabilities with potentially catastrophic consequences, and render the web virtually unusable. At Forrit, we have coined the term “Web O.No” to depict this bleak future of the internet. The widespread adoption of Web 3.0, the metaverse, and the promising innovations envisioned for the future remain uncertain until we can streamline business web assets and avoid the pitfalls of Web O.No.

Time to integrate siloed CMS and do away with the legacy approach

The concurrent use of multiple CMSs significantly exacerbates website security vulnerabilities. Our survey unveiled a startling statistic: a substantial 9 in 10 (88%) of enterprises engaged in the management of more than one CMS. The concern is that deploying multiple CMSs results in a proliferation of administrators and vendors, consequently introducing numerous points of vulnerability into the system architecture.

The reliance on multiple CMSs or legacy systems poses a formidable challenge to web governance. This is leading to a worrying CMS sprawl trend, making it increasingly difficult for IT teams to manage and monitor the numerous systems within the organisation. For instance, upholding regulatory compliance and standards across the system architecture can become arduous and resource-intensive.

Our research underscores this concern: just over one-third (34%) of respondents acknowledge that managing multiple content management platforms compromises their control over website content. Additionally, nearly half (47%) express uncertainty regarding the number of individuals with access to the site and/or the capacity to upload content. Similarly, an equivalent proportion of experts (48%) confess to being unable to comprehensively track every web page and, consequently, the extent of content across their websites.

Moreover, organisations face the risk of outages, malfunctioning interfaces, and the presence of hazardous content concealed within overlooked pages of reputable websites when employing multiple website management systems. Alarmingly, 44% admit to relinquishing control over website content directly due to this practice.

Concerning open source proliferation 

Open source licences are designed to encourage collaboration and knowledge sharing, cultivate an environment of collective innovation and unfettered creativity. However, it is precisely this characteristic that exposes these solutions to significant vulnerabilities. The community-driven ethos of open source projects renders them susceptible to exploitation by malicious actors.

Open source solutions, often developed by multiple anonymous third-party contributors and reliant on shared source code, are particularly vulnerable due to the inclusion of plug-ins. These plug-ins, integral to the functionality of open source platforms, create entry points for hackers, exposing businesses to significant cybersecurity threats. Malicious actors can exploit and manipulate CMS plug-ins, leveraging them as vectors to infiltrate widely deployed projects and penetrate enterprise networks.

The prevalence of open source vulnerabilities has become a source of concern for C-suite executives. As an example, the recent discovery of the malicious XZ backdoor within the widely utilised XZ open source library exemplifies the magnitude of the issue. With potentially millions of devices impacted, the ramifications for businesses can be dire and far-reaching.

There is light at the end of the tunnel

Businesses need to prioritise migrating away from open source CMS platforms and transitioning to a unified composable CMS to regain authority over their websites and fortify their online security. Our survey suggests that 89% of respondents advocate for embracing composable architecture to future-proof digital assets. Unlike conventional non-composable CMSs, which confine businesses within inflexible frameworks, composable platforms offer agility and versatility. Through modular components, organisations can seamlessly adapt their digital infrastructure to evolving demands, mitigating the risk of service interruptions. Closed-source composable CMSs afford enterprises the agility and innovation associated with open source solutions without compromising data security and confidentiality.

There is a promising outlook for the future of the internet and the emerging technologies shaping it. However, the full potential of transformative innovations for businesses will remain unattainable until we confront the disorder within our current internet infrastructure. The prevalence of insecure, fragmented, and sprawling CMS systems poses significant security vulnerabilities for businesses. If we fail to take action promptly, we risk transitioning from Web 2.0 to “Web O.No.”


No posts to display