Responding in Action to a Drupal Security Advisory
Security maintenance — and the ability to apply security updates quickly — is part and parcel of open source project success.
Updating is typically done as part of the normal software release cycle; however, there are times when a security advisory needs to be released ASAP. A strong incident response plan builds a first line of defense to mitigate and patch vulnerabilities.
But what does a successful security response look like in action?
Applying Drupal Updates to a Production Website
Let's start with the most important "best practice" of applying Drupal updates: stay out of your production ("live") site. Use a local environment (such as Acquia's Dev Desktop, WAMP, or MAMP), a remote development instance, or just about anything that's not your live server.