Drupal Security: There is a Mini-DrupalGeddon every week and how to survive it

DrupaGeddon taught us all a very important lesson: security is not a state, it's a process, and when it hits, the damage is swift and sweeping. 

The first attacks started about seven hours after the Drupal security team released the Drupal Core security patch. Sites which weren’t upgraded immediately were all at risk. Many sites still haven’t been upgraded and are ticking time-bombs. 

The Drupal security team releases updates every Wednesday, but even then, preparing for and installing patches can take up a significant amount of your team’s development time. 

Luckily, there’s a solution. It’s called automation and it's already available to use. 

In this session, we will share how we’ve learned to tackle Drupal security: 

• How the Drupal security patch release process works 
• How to know when a new security patch is released
• Which tools we use to automate this process
• Why your Drupal hosting partner is a vital part of this process