If you don’t keep an eye on the security of your websites, you run the risk of opening the door to cyber criminals. They are constantly on the lookout for security vulnerabilities with the aim of getting into the system through the back door. To counteract this, eco – Association of the Internet Industry and the open source CMS communities have been working closely together for years. The TYPO3 Association and the eco Association have enjoyed cross-membership since 2014 and the two associations interact regularly. Building on this, eco and the TYPO3 Association are now intensifying their relationship and collaborating on mutually important topics, such as IT security.
With more than 1,100 member companies, eco is the largest internet industry association in Europe, and IT security has been a focus of its work since its foundation in 1995. IT security is a basic prerequisite for the further digitalization of our living and working environments, which is why we have been working for more than a decade on improving the security of company websites. This began in 2010 with our then security initiative, botfrei, which was aimed at pointing out the dangers of poorly protected CMSs and helping to close corresponding vulnerabilities.
A Plus for CMS Security
In 2013, the eco Association intensified its security efforts and founded Initiative-S. In this project, eco also developed scan tools that could provide reliable statements about the security of individual websites. In doing so, we established a process for checking the security of websites and, where necessary, providing tips for improving it. As a result, the security of commercial and private sites improved considerably.
With the support of the German Federal Ministry for Economic Affairs and Energy (BMWi), eco developed the free service that scanned company websites for malware. The initiative also provided help with cleanup and protection against new attacks.
In the following years, eco intensified its cooperation with the CMS community. In order to create more security for TYPO3, WordPress, Joomla!, Drupal, and many other Open Source CMSs, the people responsible interacted directly. To this end, they met in the Competence Groups Security and Abuse at eco, for example, to take advantage of the opportunities for the direct and informal exchange of experience and ideas.
Working Together to Strengthen Website Security
“eco, with its collaborative mindset, has been very helpful in bringing different stakeholders to the table,” says David Jardin of CMS Garden, an association of CMS open source communities. All parties involved benefited from greater know-how and more best practices regarding the best possible configurations. Recommendations were jointly developed, for example, regarding optimal system management and different usage scenarios. “Hand in hand with CMS and the eco association, we have helped connect the open source communities with industry partners and advance the issue of security.”
The next big step came in 2017 with SIWECOS, as a successor to Initiative-S. SIWECOS stands for Secure Websites and Content Management Systems. The project was implemented by the eco Association in cooperation with CMS Garden, the Ruhr University Bochum, and other partners, and was funded by the German Federal Ministry for Economic Affairs and Energy (BMWi) as part of the “IT Security in Business” initiative. The basic premise behind the project was that many small and medium-sized enterprises aren’t even aware that the software behind their website has security vulnerabilities. SIWECOS could check the security of a website in just seconds.