Posted by greggles on January 18, 2011 at 8:07pm
First, if you haven't already you should sign up for Drupalcon Chicago.
This year we've got a relatively small number of sessions at Drupalcon Chicago about security.
- Drupal Security for Coders - this is a presentation on the most common attack scenarios and how to code/configure to protect against them
- Security: Process, Code & Hands-on Training - this is a pre-conference training that is an all-day deep dive into the topic of Security.
Security Team meeting
Traditionally this is also a time for discussing the Security Team's status and ways we can improve our processes. We also will use this as a time to get to know and potentially welcome in new members.
If you are interested in joining the team, it would be good to mention that (as a comment here, in a mail to the security team) so we can meet you at Chicago.
Security BOF
BOF proposals are not quite open yet, but definitely a security bof seems like a good idea. Some possible topics are:
- What can we do to make reporting, fixing, releasing security issues easier for project maintainers
- What do you love or hate about Drupal's API in terms of making it too easy to create vulnerabilities
- What additional features could be added to Drupal's API to make it more secure
Comments
And now I've posted a survey
And now I've posted a survey to gather feedback about security in Drupal.
I'd love to get some responses from the 122 folks in this group :)
knaddison blog | Morris Animal Foundation
Secteam
I'd be open to contributing to the Drupal security team per the above, although I will not be attending Drupalcon Chicago. After spending 2 winters in central Illinois, I have a personal rule to not travel to that part of the country before May :) Feel free to drop me a line if the security team needs help. This is me: http://www.linkedin.com/in/robertjbrown.