How Does Drupal Security Stack Up?
Note: this is more of a guided conversation than a presentation.
Let's talk about how Drupal's security fits into the bigger world of web application security. Are we doing well compared to other systems? Are we doing poorly? What can we do to make our security even better than it is?
This session will explore the current process that a vulnerability follows: from a researcher finding it, to a fix being developed, to a release on drupal.org, to that fix being deployed on your site. We'll brainstorm all the ways it might get blocked along the way and think about how we can make sure more vulnerabilities complete the process.
Then we'll dive into other systems and see how they handle vulnerabilities. ExpressionEngine, Jive, WordPress, Joomla, SharePoint: what are their security processes like? What are their policies? Again, we'll take a guided discussion tour of these systems to help identify how we can make Drupal's processes better.
Greg is the Director of Security Services for Acquia where he helps customers with security reviews and automated tools to make their sites safer. He tweets @greggles and is a groupie with Certified to Rock.