This paper exposes security vulnerabilities of the web based Open Source Information Systems (OSIS) from both system angle and human perspectives.It shows the extent of risk that can likely hinder adopting organization from attaning full intended benefits of using OSIS software. To undertake this study, a case study methodology was opted with fifteen public and private organizations being software companies and technology users. The respondents to this study were categorized as top  management, software developers, systems administrators and end users. Apart from intensive documentary review, critical investigation of onsite servers running nine web based OSIS systems has been done. The studied systems are MOODLE, OrangeHRM, ATutor, Koha, WebERP, vTigerCRM, OpenDocMan, OpenSIS and Zalongwa software.The study reveals that there are security weaknesses in locally customized OSIS systems and freely downloadable information systems from internet repository. This has been a result of uncoordinated operations and ad hoc performance of key OSIS stakeholders ranging from early stages of sourcing the said software, OSIS selection, adoption, customization, installation, upgrading and
routine management.

Keywords – Open Source Software, Information System, Software Security.