
This is the first report of its kind. The report looks at how Drupal, the increasingly social publishing platform, handles the important task of maintaining security in systems that are built to take input from a variety of sources.

Sponsored by some of the leading firms who provide services to the Drupal market and written by leading experts on Drupal security, the report answers the fundamental question: is Drupal mature enough to deploy in my environment?

Drupal Security Paper update 1.1

on Fri, 02/03/2012 - 00:00

We've just published a minor update to the paper. You can see the new version, 1.1, at http://drupalsecurityreport.org/about-drupal-security-report.

The changes in this version from the 1.0 publication in April include:

  • Updated sponsor text and images
  • License clarification
  • SA data expanded to include 2010 (through March 24) and 2005
  • Modifications for grammar and wording throughout

Check out the new release at http://drupalsecurityreport.org/about-drupal-security-report and thanks to our reviewers and those who provided feedback.

Why we chose Creative Commons Attribution No Derivatives

on Thu, 02/02/2012 - 23:11

The Drupal Security Report is licensed under a Creative Commons Attribution-No Derivatives license. We did this consciously and for several reasons that we wanted to share.

Protecting the credit for our sponsors

This report was a huge effort by Ben and me. In order to make that happen we had to get sponsorship from a ton of great organizations. Those organizations did this for a variety of reasons, but part of it is to associate themselves with the enterprise-oriented customers who are concerned about security.

Drupalcon San Francisco: Report Version 1.0 Released

on Mon, 04/19/2010 - 01:21

We're sitting here in the lounge of the Moscone Center at Drupalcon San Francisco. Ben and I have just reached the end of a long journey and are feeling pretty happy.

About 6 months ago we began discussing the need within the Drupal community for a well-researched, well-written, concise document that could address the ongoing questions about security in Drupal.

And now, thanks to the support of great sponsors and numerous reviewers, we feel confident putting the 1.0 stamp on the report.

Sponsors

This report took us hundreds of hours to research, compile, and write.