FEMA Website Running Outdated and Insecure Version of Drupal

Last week we mentioned that Department of Homeland of Security (DHS) is failing basic cybersecurity practices by not keeping the software running on their website up to date with security updates. It is probably not surprising that agencies under the DHS are also leaving their websites vulnerable to known security vulnerabilities because they are failing to keep the software running on them up to date. That includes the Federal Emergency Management Agency (FEMA), which if you visit their website with our Drupal Version Check extension installed in your web browser (available for Chrome and Firefox) you will see is also running an outdated version of Drupal:

FEMA Website is Running Outdated Drupal Version

Further checking shows that the website is running Drupal 7.17 or 7.18, so FEMA has failed to update the software for over three months, the next version was released back in January, and they have missed the last two security updates.