(sorry if you're getting a duplicate message)
On Sat, 12 Nov 2005 14:59:02 -0600, Patrick Barnes wrote
Do we have any information on Drupal's security track record?
PHP has
had its fair share of problems.
I'm not meaning to bash on Drupal or PHP, but these are important
concerns. I'm not going to pretend that Python and the Python software
currently in use are perfect, but security was one of the considerations
in their selection. It would be helpful to know how
spreadfirefox.com
was compromised. If their failures were problems with Drupal or PHP, or
if they were problems elsewhere would be nice to know. Assuming we'll
not learn that, we need to at least thoroughly investigate the security
records of any software we consider.
Here is a list of security track records for Drupal 4.x from secunia.
http://secunia.com/product/342/
Basically there were 1 security advisory in 2002, 2003 then 5 security advisories in
2005.
Also I would suggest to check out the video with title "100% availability,
scalability
and security with Drupal" from Drupal conference:
http://drupal.org/drupalcon-2005-media
--
Thomas Chung
FedoraNEWS.ORG (
http://fedoranews.org)
"..where you can free your knowledge for your free community!"