In the prototype of the redesign About page, the copy reads (linked text is in bold):

Dedicated Security Team We take security seriously and have a dedicated team that has a proven track record in dealing with your security issues professionally and efficiently, meaning you can spend more time creating your site.

What do you suggest we use that demonstrates a proven track record? I suggest a new node, that is almost a 'marketing' page of the Security Team, including linking to the Drupal Security White Paper: http://drupalsecurityreport.org/

The alternative is we a) don't link this text or b) remove that phrase altogether.

Prototype: https://infrastructure.drupal.org/drupal.org-style-guide/prototype/about...

Suggested links for the About page: http://drupal.org/node/428394#comment-3246728

Comments

lisarex’s picture

lisarex CreditAttribution: lisarex commented
Issue tags: -drupal.org identity +drupal.org redesign

correcting tag

coltrane’s picture

coltrane
he/him
CreditAttribution: coltrane commented

As part of writing the Security White Paper I collected some stats on the Team's Security Advisories. From this we *could* provide details like number of vulnerability reports, number of SAs, time to fix from report etc. I'm not so sure that we *should* provide this data on that page though.

We could also link or take some text from Dries' post http://buytaert.net/drupal-security-team-past-current-and-future

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
CreditAttribution: greggles commented

I think some statistics and resources could help show a "track record" of our actions.

  • Number of core SAs in each year
  • Number of contrib SAs in each year
  • Links to presentations given by members of the team

Though we would need to explain that number of vulnerabilities show reliable activity and is not an indication of the weakesses.

And of course a link to DrupalSecurityReport.org makes complete sense to me ;)

coltrane’s picture

coltrane
he/him
CreditAttribution: coltrane commented

The Paper contains a lot of the marketing text needed, it makes sense to use it and link to drupalsecurityreport.org. Table 1 in it provides greggle's first two points, number of SAs in core and contrib for the last several years.

lisarex’s picture

lisarex CreditAttribution: lisarex commented

Great, I've created an unpublished page here, within the About > Security team section:
http://drupal.org/node/872034

If folks could update this page as needed, or provide comments, that would be great.

I can also get a volunteer to hunt down some of the presentation links. If you have links to presentations the security team has made over the past couple years, handy, note them down.

coltrane’s picture

coltrane
he/him
CreditAttribution: coltrane commented

Here's the latest one with slides:
Security presentation at Copenhagen for coders and themers http://acquia.com/blog/drupal-security-presentation-drupalcon

Here's two from San Francisco with video
Security presentation at San Francisco for site administrators http://sf2010.drupal.org/conference/sessions/drupal-security-site-admini...
Security presentation at San Francisco for coders and themers http://sf2010.drupal.org/conference/sessions/drupal-site-security-coders...

lisarex’s picture

lisarex CreditAttribution: lisarex commented
Status: Active » Fixed
Issue tags: +drupal.org redesign content

Great! I've linked to that page, published it, and linked it from the new about tpl: http://redesign.drupal.org/about (drupal:drupal)
The new page will appear in the redesigned site sometime within the next 24 hours, but in the meantime it can be viewed at http://drupal.org/node/872034

Feel free to reopen if there are any other problems.

Status: Fixed » Closed (fixed)
Issue tags: -drupal.org redesign, -drupal.org redesign content

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +drupal.org redesign, +drupal.org redesign content

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.