- 2015-08-21: 50% less server load with MongoDB on the Drupal 7 site factory at France Télévisions
- 2015-07-15: Our first Drupal 8 production site at France Télévisions is live
- 2014-08-18: 400% speedup in 3 weeks for http://france3-regions.francetvinfo.fr/ : who said Drupal back-offices had to be slow ?
- 2014-02-07: Sotchi Olympics traffic not a problem for http://www.francetvsport.fr/ , which I rearchitected on Drupal 7 in 2013
- 2011-09-14: Completed migration of FranceInfo.FR from SPIP to Drupal
- 2011-07-13: The new social network features of Le Figaro are now powered by an OSInet-designed MongoDB implementation
- 2010-12-21: Madame Figaro brand new site by OSInet and others
- 2010-08-16: France.FR is back online with OSInet and Typhon
- 2010-06-15: the new France Culture, which OSInet helped reach its performance goals, is now online
Drupal security from the outside
The OSInet team recently attended Solutions Linux, a trade fair focused on FLOSS, and while chatting with a sales engineer from a company specialized in Typo3, got asked which CMS we used, and of course answered "Drupal".
At that point, that person flinched somehow, acknowledging that Drupal was indeed one of the "Big 3" in the CMS space, along with Typo3 and Joomla, but was plagued with security issues making it rather unfit for professional deployment, as opposed to Typo3, which took security issues seriously. Continuing the discussion, it appeared that company has indeed at least acquired some Drupal knowhow too, due to customer request, but the person doing the criticizing was not directly familiar with Drupal.
Now, skipping over the fact that criticizing competing products is usually not a sound business practice, and maybe even less so in the FLOSS ecosystem, I wondered why this angle of attack had been chosen against Drupal, and I did some comparisons.
|Security team page ?||Security page||no page found with either internal search engine or google||Security team section|
|Feeds/mailing lists||security announcements page (has feed)||A forum for 1.0||On the general announcement list|
|Policy||policy page||no page found with either internal search engine or google.||policy page|
|Security forum||no dedicated forum||two forums: one for 1.0, the other for 1.5||no dedicated forum|
So it seems Drupal and Typo3 have chosen rather similar ways of dealing with security issues, while Joomla chose to use forums for the same purpose. FWIW, the same ratio for microsoft.com is 536k/31M = 2%, much closer to Typo3's ratio than to the higher numbers featured by Drupal and Joomla.
The comparatively low appearance of "security" on Typo3's main site, and the very low number of security issues reported by Secunia for Typo3 might be the root of this "unsafe" assumption made by some salespersons about Drupal. However, this might also point to a development process being either less active or conducted in a more "closed" fashion: such blades are always double-edged.