What is the thought here for this section ? As far as I am concerned the CVE is a valid industry comparison of security breaches known to users. You cannot track the unknown. What you can track is the known. CVE table identifies this and relates fact. Fact is that some CMS's (and all software in general) either add ons or core have inherent higher risk associated to past historical coding issues and their architectural footprint in general. It would be misleading to not give this comparison, and dismiss the issue al together.
This is not at all outside of the context. Drupal is one of the included subjects in the table and I try to keep all the discussion at one place. Also information about Drupal and Wordpress is disputed. See the Drupal talk page for more. 184.108.40.206 (talk) 23:44, 28 May 2013 (UTC)
I would prefer to replace the CVE table with references to studies done on the security of various CMS systems, such as the German Government study. I don't think providing raw numbers from the NVDA is useful or appropriate MatthewWilkes (talk) 04:16, 2 January 2015 (UTC)