I wish security was measured on a scale of 1 to 10. But it’s not a scale, instead, it’s considered by most security experts as a total philosophy, and a set of tools and actions. This does not mean it cannot be measured, and taking singling Joomla out is foolish. But looking at Joomla as part of your total site security makeup is the right answer. It’s a good idea to measure security holistically because if any part of your security is weak, it weakens your entire infrastructure.