Permissions, Access & Security

When will documentation be available on the topic of security? Our clients are asking us how we secure their sites, but we've just recently started using Concrete5.7, which the company I work for decided to do based on my suggestion. They want to know it's secure, unlike the many clients who come to us after their WordPress site has been hacked.

ob7dev
 
MrKDilkington replied:
Hi ob7,

I know that core team members and core contributors are actively involved in looking for and fixing any potential security issues.

Security is taken very seriously and concrete5's HackerOne account is an example of this.
https://hackerone.com/concrete5...

"Created by security leaders from Facebook, Microsoft and Google, HackerOne is the first vulnerability management and bug bounty platform. We empower companies to protect consumer data, trust and loyalty by working with the global research community to surface your most relevant security issues."
http://hackerone.com/about

Regarding WordPress hacks, I believe many of those have been caused by plugins. This too is something that concrete5 addresses. For a concrete5 add-on to be added to the marketplace, it must pass automated tests for basic issues and is inspected by a person (generally multiple people). This does not mean add-ons are perfect, but I do think it helps reduce risk.