ProudCity is proudly powered by open source technology. We embrace open source because it empowers us to be more innovative and build great products for local governments.
And, as the U.S. Department of Defense says about open source, “there are great benefits to be gained in reliability, performance, and security.”
Open source and security
There are still people in the world who believe open source is not secure. While this argument no longer holds water, we again defer to the Defense Department:
There are some misconceptions, however: for example, that open source software is not secure. Without delving too deep into this topic … consider that the single most popular web server software is, and always has been, open source: Apache. This code runs a vast swath of sites on the Internet. Do bugs come up? Of course! But they are often patched (fixed with a small amount of code) in mere hours after identification.
So, if open source software is secure enough for the U.S. Department of Defense, it’s secure enough for ProudCity.
WordPress and security
The core technology ProudCity uses is WordPress. ProudCity and the WordPress team take security very seriously.
From WordPress:
WordPress is a dynamic open-source content management system which is used to power millions of websites, web applications, and blogs. It currently powers more than 42% of the top 10 million websites on the Internet. WordPress’ usability, extensibility, and mature development community make it a popular and secure choice for websites of all sizes.
Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats, including the Top 10 list identified by The Open Web Application Security Project (OWASP) as common security vulnerabilities.
…
The WordPress Security Team is made up of approximately 50 experts including lead developers and security researchers — about half are employees of Automattic (makers of WordPress.com, the earliest and largest WordPress hosting platform on the web), and a number work in the web security field. The team consults with well-known and trusted security researchers and hosting companies.
Government and open source security
- The Office of the National Cyber Director published a request for information.
- The White House hosts summits with business and key nonprofit orgs.
- The Cybersecurity and Infrastructure Security Agency created an OSS security roadmap.
- The National Institutes of Standards and Technology maintains the Open Security Controls Assessment Language.
ProudCity and security
As part of the measures we take, ProudCity follows proactive security protocol recommended by WordPress including but not limited to:
- Regular WordPress version updates
- Using only third-party plugins from trusted sources
- Regular third-party plugin updates
- Recurring site back-ups
- Secure login authentication
ProudCity also follows broader industry standard protocols to ensure the governments we work with are secure.
Updates to both the software and operating system are released to the ProudCity Platform every two weeks. Serious vulnerabilities, such as a WordPress core security update or the recent vulnerabilities are released immediately as a hotfix.
ProudCity employs additional optimization and software hardening based on industry best-practices. In addition, we thoroughly examine every plugin that is added to the platform to ensure that all websites remain as secure as possible.
And ProudCity provides what WordPress says are the “qualities of a trusted web host”:
- Readily discusses your security concerns and which security features and processes they offer with their hosting.
- Provides the most recent stable versions of all server software.
- Provides reliable methods for backup and recovery.
Safer together
ProudCity embraces a culture of openness. We leverage a large research and development ecosystem that takes security very seriously. As the Defense Department says:
“Some OSS is very secure, while others are not; some proprietary software is very secure, while others are not. Each product must be examined on its own merits.”
While nothing is ever 100 percent secure, we are safer — and more innovative — when we build together, in the open.
ProudCity is a digital government platform that makes it easy and cost-effective to launch and manage all aspects of digital government operations, including websites, meetings, online forms and payments.
Subscribe to our newsletter or connect with us on Twitter, LinkedIn and elsewhere.