Monday, June 11, 2012

Drupal Security Team update - June 2012

This post aims to share information about the Drupal Security Team in 2011 and midway through 2012. The team processed a significant number of security advisories, added a few members, improved the free education materials in the handbooks, presented at dozens of camps and user groups, and made several improvements to our workflow (including some user facing changes, see below).
Some quick numbers:
You may notice that for the calendar year of 2011 there were fewer SAs than there were issues created. There are lots of reasons why that happens (mostly invalid issues or issues that affect versions not supported by our policy).

Improved security issue reporting process
This change is so exciting that it deserves its own section in addition to being listed below. The "Report a Security Issue" link on project pages now links directly to the issue queue for that project. Using that link instead of sending an e-mail removes one of the final "copy/paste" jobs from the security team’s workflow.

No comments:

Post a Comment