In the prototype of the redesign About page, the copy reads (linked text is in bold):
Dedicated Security Team We take security seriously and have a dedicated team that has a proven track record in dealing with your security issues professionally and efficiently, meaning you can spend more time creating your site.
What do you suggest we use that demonstrates a proven track record? I suggest a new node, that is almost a 'marketing' page of the Security Team, including linking to the Drupal Security White Paper: http://drupalsecurityreport.org/
The alternative is we a) don't link this text or b) remove that phrase altogether.
Prototype: https://infrastructure.drupal.org/drupal.org-style-guide/prototype/about...
Suggested links for the About page: http://drupal.org/node/428394#comment-3246728
Comments
Comment #1
lisarex CreditAttribution: lisarex commentedcorrecting tag
Comment #2
coltraneAs part of writing the Security White Paper I collected some stats on the Team's Security Advisories. From this we *could* provide details like number of vulnerability reports, number of SAs, time to fix from report etc. I'm not so sure that we *should* provide this data on that page though.
We could also link or take some text from Dries' post http://buytaert.net/drupal-security-team-past-current-and-future
Comment #3
gregglesI think some statistics and resources could help show a "track record" of our actions.
Though we would need to explain that number of vulnerabilities show reliable activity and is not an indication of the weakesses.
And of course a link to DrupalSecurityReport.org makes complete sense to me ;)
Comment #4
coltraneThe Paper contains a lot of the marketing text needed, it makes sense to use it and link to drupalsecurityreport.org. Table 1 in it provides greggle's first two points, number of SAs in core and contrib for the last several years.
Comment #5
lisarex CreditAttribution: lisarex commentedGreat, I've created an unpublished page here, within the About > Security team section:
http://drupal.org/node/872034
If folks could update this page as needed, or provide comments, that would be great.
I can also get a volunteer to hunt down some of the presentation links. If you have links to presentations the security team has made over the past couple years, handy, note them down.
Comment #6
coltraneHere's the latest one with slides:
Security presentation at Copenhagen for coders and themers http://acquia.com/blog/drupal-security-presentation-drupalcon
Here's two from San Francisco with video
Security presentation at San Francisco for site administrators http://sf2010.drupal.org/conference/sessions/drupal-security-site-admini...
Security presentation at San Francisco for coders and themers http://sf2010.drupal.org/conference/sessions/drupal-site-security-coders...
Comment #7
lisarex CreditAttribution: lisarex commentedGreat! I've linked to that page, published it, and linked it from the new about tpl: http://redesign.drupal.org/about (drupal:drupal)
The new page will appear in the redesigned site sometime within the next 24 hours, but in the meantime it can be viewed at http://drupal.org/node/872034
Feel free to reopen if there are any other problems.