By jonoratner on

Has anyone created a statement detailing how secure Drupal is for a client?

We need a summary of how secure Drupal is, as we are considering using it for a multinational well know organisation, for whom security is a big deal. If you can provide any 'official' copy that explains how secure Drupal is, that would be greatly appreciated.

Thank you.

Categories: Drupal 7.x

Comments

MJD’s picture

MJD commented

No idea if there is a security document but there is a security team... see http://drupal.org/security

However with any CMS (open source or in-house) security issues do come up from time to time. You can subscribe to the security newsletter via your account (both core & 3rd party modules that have been made available to the community are covered)

Drupal core is as secure as any other CMS in that new ways of attacking sites are being developed all the time so it's always a game of catch up.

3rd party contributed modules can also be a problem and of course if you write your own modules then it's up to you to make them secure!

As with any site if you don't set it up securely etc then that's a self inflicted problem....security is obviously a priority for you so Drupal as with an in-house written CMS needs to be tested from all angles including security... with a multinational presume you will have access to a full testing team!

Back to your main question, why not see which other large companies & government organisations use drupal, there are threads covering this... Look on the home page for a famous example (currently 4th headline down) for probably one of the biggest endorsements

martin@drupal.org.uk’s picture

martin@drupal.org.uk commented

http://www.lullabot.com/articles/drupal-and-expressionengine-security-mo...

Gives a good overview of drupal security.