Keeping Third Party Software Up to Date

We can't stress enough that security is a process, not a one time job. No software is perfect, you shouldn't assume the software you installed is without security problem. There might be security problem that hasn't been discovered yet.

Once you installed a third party software, you will need to monitor its development progress. If a security related problem is found, you will need to update the installed software. If you continue to let the software running without updating it, malicious party will be able to take advantage of the security problem. The longer it runs unpatched, the greater the risk.

To monitor the software's development, usually you just need to visit the software' web site regularly. If a security problem is found, often they will put an announcement on their web site.

Some software suffers from security problem more often than the others. Below we list several software that traditionally has serious security problem.

  • PHP-Nuke. PHP-Nuke is a very popular portal system. However it suffers from several security problem in the past. You should visit their web site at from time to time just to know if an update is released to fix a security hole. PHP-Nuke has a modular plugin architecture, if you use a module from outside PHP-Nuke distribution, you will also need to monitor the module's web site.

  • PostNuke. Postnuke is a similar system to PHPNuke. While it is considerably more secure than PHP-Nuke, it did have several security problem in the past. It is a good idea to monitor their web site at

Copyright © 2003

. .