
Drupal Security Report minor update 1.3

on Tue, 03/11/2014 - 21:00

We've posted a very minor update to the security paper today. The new version is available at

Drupal Security Paper update 1.2

on Tue, 12/03/2013 - 19:02

Today we're posting a minor update to the Drupal Security White Paper. Our first update since 2011!

You can see the new version, 1.2, at

The changes in this version from the 1.1 publication in 2011 include:

  • Security Advisory stats up till October 1st 2013
  • Updated to address OWASP Top Ten for 2013
  • Additional minor text updates

Check out the new release at

This is the first report of its kind. The report looks at how Drupal, the increasingly social publishing platform, handles the important task of maintaining security in systems that are built to take input from a variety of sources.

Sponsored by some of the leading firms who provide services to the Drupal market and written by leading experts on Drupal security, the report answers the fundamental question: is Drupal mature enough to deploy in my environment?

Last update: March 2014

Why we chose Creative Commons Attribution No Derivatives

on Thu, 02/02/2012 - 23:11

The Drupal Security Report is licensed under a Creative Commons Attribution-No Derivatives license. We did this consciously and for several reasons that we wanted to share.

Protecting the credit for our sponsors

This report was a huge effort by Ben and me. In order to make that happen we had to get sponsorship from a ton of great organizations. Those organizations did this for a variety of reasons, but part of it is to associate themselves with the enterprise-oriented customers who are concerned about security.