Almost all of the sites we buildat Ugli are built on Drupal, and to some extent I've become an evangelist for the modular, open source CMS framework. Generally speaking, evangelists that you disagree with are annoying so I think it is probably worth explaining why I love Drupal so fervently, and attempting to compare it with the custom-built CMS solutions I used to prefer.

(I will assume that the requirement for a CMS of some sort is acknowledged and omit the arguments for using a CMS over a static HTML site. In my experience 98% of web projects will ultimately benefit from a CMS, but this discussion is for elsewhere.)

See the Drupal Wikipedia article for a good grounding of what it is.

It's free

This might sound obvious but it is sometimes overlooked as one of the key benefits. Custom solutions are not free (they need to be built), and most other available Content Management Systems are paid-for. The elves at Drupal have put together a world-class content management system which you can download and use totally gratis.

A custom CMS project would necessarily begin with the development of swathes of functionality which are already available (tested and, to a varying extent, documented) in a fresh Drupal installation and in easily installed modules.

It is thoroughly extensible

The core Drupal functionality (what you get with a fresh download) can be extended to do almost any website function you can conceive of. This is done by downloading and installing one of thousands of contributed modules.

Of course, a custom CMS is extensible too, but extending it requires the building from scratch of functionality which is (almost certainly) available in the form of an existing Drupal module.

The key thing to remember here is this: when developing using Drupal, the problem you are trying to solve is almost certainly not a new one. People have probably encountered it before, and the chances are there will be a contributed module at drupal.org which will plug the gap you are trying to fill. This realisation is one of the biggest stumbling blocks for new Drupal developers. Once you understand how many modules there are available out there, and you learn how properly describe your problem to Google and search for the one you need, a new world of Drupal possibilities opens up to you.

It is portable and very well supported

A custom-built CMS, unless it is exceptionally well coded and documented, will live and die with the relationship between the site owner and the guy who built it. Not so with Drupal. When your site is built in Drupal, you are much more free to fire your developers and choose new ones, and there are many of us available.

This is more a benefit to the owner of the site than to the developer (to my clients rather than me) but efficiency benefits everyone in the long term.

Drupal.org and hundreds of other sites offer documentation, tutorials and discussion forums to provide assistance to those developing websites and web applications using Drupal. It takes a while to learn how to navigate this mass of data, in the same way it takes a while to learn how to find modules, but the truth is out there.

It is relatively very secure

Drupal employs an open security model, rather than achieving security through obfuscation (as do competitor systems such as Expression Engine). When a security vulnerability is found and reported to the Drupal security team, the code is updated and a new release is quickly announced. Older installations are automatically 'informed' of the update by the core Update Status module, which alerts the admin user of the need to update.

In 1883 (that's before Drupal, history fans) the cryptographer Auguste Kerckhoffs wrote that the security of a system should rely on the strength of the key, not on the secrecy of the design of the system. In other words, you should assume that the would-be intruder knows everything about the system except the key itself, and secure it accordingly.

No system is completely secure. Coding errors and security vulnerabilities are inevitable, but a system built and supported by a very large community which openly fixes and announces bugs is more likely to achieve a better degree of security sooner than a private, for-profit organisation. Compare the real and perceived security of Windows and Linux, for example.

Here is Lullabot's interesting comparison of Drupal and Expression Engine from a security point of view.

Conclusion

There are many benefits to using Drupal, and they are as diverse as the requirements of the websites that use it; it is not possible to list all the features of a system which is so infinitely extensible. I hope that I have succeeded in outlining the more general reasons for choosing Drupal. If you think I have missed anything please add it in the comments.