Drupal Security

Drupal uses an open security model, to publish vulnerabilities, issue patches for known vulnerabilities and get independent audit of security issues using third party tools and its vast community.  With over 4000s contributed modules, the practices of Drupal.org, with it’s open security model, make it one of the most secure platforms to do business online and leverage community contribution toward a secure platform.

For the average Drupal site all that needs to be done is to keep its modules up-to-date and also the Drupal core version, which as of this writing is Drupal 6.12 and 5.18. Some deployments of Drupal have massive changes to the core, which should be an expecption managed by the client (that engages in the development effort, understands risks and alternatives)  – that if changes are made to the core or to a contributed module, then there is an strategy in place to test the site for various security issues, independently of Drupal.