Open Source Security

Security maintenance — and the ability to apply security updates quickly — is part and parcel to open source project success. 

Updating is typically done as part of the normal software release cycle, however, there are times when a security advisory needs to be released ASAP. A strong incident response plan builds a first defense line to mitigate and patch vulnerabilities. 

But what does a successful security response look like in action?

Although the most likely cause of the massive Equifax data breach was the firm’s own failure to patch a two-month-old bug, the inherent security of open source software has become a trending topic in tech news.

Mediacurrent’s resident expert, Open Source Security Lead Mark Shropshire, is well-informed to join the conversation. We asked him a few questions to get his take on recent events.
 

Periodically, friends, colleagues, and clients ask me for recommendations on resources to keep up with the happenings in the security world. Even though I am focused on Drupal, I find it important to view security through a wide-angle lens.

If you’ve stumbled upon this blog, you probably already know the basics about Drupal. The sales pitch I usually hear starts with: it’s a powerful CMS, free, open source, and has a great community of developers powering it. Those statements are all true, but I like to believe that Drupal is much more than that. So I started researching, interviewing the team here at Mediacurrent, and came up with this list of 15 cool things you (probably) don’t know about Drupal - especially if you're new to the community.