Drupal security team: past, current and future

Throughout the years, Drupal has taken a leadership role in the open source community on how to handle security releases -- we were one of the first open source CMS projects with a dedicated security team and, even to date, our security processes lead the industry in transparency and responsiveness. We set an example for other projects, and that is something we can be proud of.

Initially, the security team created releases as soon we were able to -- sometimes it took hours, but at times it took 3-4 months. As the number of contributed modules grew, though, so did the work of the security team. We then switched to bi-monthly releases. Regular, time-based releases proved to be a smart move -- it allows for better planning and coordination which increased our throughput. The security team has made a big leap forward; so far, we're keeping up with the workload, but only by the slimmest of margins.
Continue reading here....