Composed of a set of respected community volunteers, and one of the first dedicated Security Teams in an open source CMS project, the Drupal Security Team works to resolve reported security issues for code hosted on drupal.org, to review code for vulnerabilities, and to provide security expertise and assistance to contributors.
The Drupal community has an excellent track record of finding and fixing vulnerabilities in community-created code.
The number of security advisories shows consistent and reliable activity among code contributors and the security team, which guides the process of fixing and releasing security patches. Some interpret these numbers and say "a large number of vulnerabilities must mean insecure code." That analysis ignores the reality that all code has bugs (including security bugs), and that the most important thing is an active group of coders and researchers finding and fixing those bugs.
Security Team Presentations
The security team is usually well represented at DrupalCons and camps to raise awareness and share tips on making sites more secure.
Security presentation at San Francisco 2010 for site administrators (includes video)
Security presentation at San Francisco for coders and themers (includes video)