We've started to see an increase in public discussion about the Drupal security team's activities lately. There have been some good threads on the developers mailing list, and this one is the latest.
Greg Knaddison has made an excellent post summarizing the activities of the Drupal security team over the last couple of years. Greg's post details what's become obvious: the security team is very active and working hard to improve Drupal security. Unfortunately, it looks like hard work and regular improvements to the security of Drupal core and contributions might not be enough.

While the security team has been putting more resources into security education, it needs to do more. We've made two important improvements to the marketing of Drupal security this week. First, we've added a link to "Write secure code" to the contributor links block in the dev references section. This will be visible to approximately 30K authenticated users who log into Drupal each month.
Next, we've added a security link to each of the 2500 project pages. Let's see if making security more visible through better marketing makes a difference.