Open Source Security Teams

Managing security for an open source project is a challenge to say the least. The sheer volume of reports, the resulting noise, securing an aging codebase, handling disclosure – all difficult to handle, but just the tip of the iceberg. 
How do you motivate and organize a volunteer team? 
How do you keep sites and users secure with so much third-party code? 
How do you educate users? 
When is it okay to break things to fix security issues and how do you manage reputation when you do? 
How do you decide what issues to keep private and public? How do you balance the need for security with the need for privacy.  
How do you vet new members to your team when you don't know them or their intentions. 

Come to this panel discussion to learn about how Wordpress and Drupal's security teams answer the above questions. 

Session Track

Building Community

Experience level


Drupal Version