Drupal has a very good track record in terms of security, and has an organized process for investigating, verifying, and publishing possible security problems.
Drupal's security team is constantly working with the community to address security issues as they arise. More information about this process can be found in the security team's section of the handbook.
Anyone using Drupal should subscribe to the security mailing list (by editing their account profile) to automatically keep up to date with the latest security advisories of all types (see below).
Frequently asked questions:
Is open source software secure?
The short answer is that open source software is, in general, as secure as or more secure than commercial software. A good summary of the relevant issues can be found in this article from IBM: The security implications of open source software. The increased security of using open source was cited as one reason the White House switched to Drupal.
How Drupal Addresses Common Security Vulnerabilities