C.1. Resources from the Drupal Security Team

The security team is a relatively large group of trusted individuals in the community who have knowledge and interest in keeping the Drupal product safe. Their exact mission is somewhat hard to state. Many security team members undertake side projects related to security but not specifically as part of the security team. As stated on http://drupal.org/security-team, the team's core functions are:

  • Dealing with reported security issues

  • Constantly reviewing the code for potential security weaknesses

  • Providing assistance for contributed modules' maintainers in dealing with security issues

  • Providing documentation on how to write secure code

Saying that we deal with reported security issues is a bit unclear. More specifically, it means communicating with the person who reported the issue, confirming the issue, understanding and fixing the issue, creating the new release and testing it, and announcing the fix via all channels available. This is a fairly standard method of handling security issue reports. To be sure that you are getting these notifications, remember to enable the Update status module on your site and sign up for the newsletter and/or the RSS feed from http://drupal.org/security.

With the meteoric growth of contributed modules and themes for Drupal, it would be impossible to scan every line of code that is being added. However, the team does keep a vigilant watch for new code that is potentially weak. In addition, it occasionally ...
