The White House launched a new version of its website on Saturday. While little has changed on the surface, the underlying technology is now powered by the open source Drupal content management system.
The www.whitehouse.gov site was previously served by Microsoft IIS 6.0, but the new server software identifies itself as “White House”. The new site continues to use Akamai’s content delivery network for caching.
Drupal is the 6th largest PHP-based content management system in Netcraft’s Web Server Survey, being found on more than 400,000 websites. Drupal’s security will no doubt be put to the test in the coming weeks, as the White House website has always stood as an obvious target for hackers. Drupal’s security team has a full disclosure policy of announcing security problems after they have been fixed, rather than withholding the information from its users.
Drupal’s core security advisories are made public at http://drupal.org/security. Eight advisories have been published so far this year, which have included two highly critical file inclusion flaws which could have allowed remote attackers to execute code on Windows servers.