security updates

Security maintenance — and the ability to apply security updates quickly — is part and parcel to open source project success. 

Updating is typically done as part of the normal software release cycle, however, there are times when a security advisory needs to be released ASAP. A strong incident response plan builds a first defense line to mitigate and patch vulnerabilities. 

But what does a successful security response look like in action?

Let's start with the most important "best practice" of applying Drupal updates: stay out of your production ("live") site. Use a local environment (such as Acquia's Dev Desktop, WAMP, MAMP, etc.), remote development instance, or just about anything that's not your live server.