Dependence on the developer or corporate-level security?
Security is also closely linked to the maintenance of your site. If you choose an open-source solution, you are constantly dependent on the developer's performance and have no recourse in the event of inadequate security measures. One example is the CMS WordPress, which has often been the target of serious attacks worldwide. Due to the large number of plug-ins, new risks arise daily, which can hardly be avoided. The numerous security updates usually only follow when the first damage has occurred.
But constant security updates are not obligatory for the providers of open-source systems. Only the site operator is held accountable, so long response times are a risk for many shops and websites. As a rule, the maintenance contract is the only thing that can help you in the event of damage. The contract covers the obligatory services of the software operator, but due to deliberately open interpretations, timely performance is not always to be expected.
However, the security policy is based on different standards for SaaS providers. Here, holistic security departments are maintained that protect the software tool and the associated content in the best possible way. This means that website operators do not risk losing the basis of their business due to attacks or having to repair damage on their own. With SaaS providers, too, the specific services are noted in the contract terms.