On 8/20/12 3:36 AM, Simon Schick wrote:
One thing I also really like about the TYPO3 philosophy: If someone finds a security issue, he should immediately get in contact with the developers (of the extension and the TYPO3 security team) and discuss the issue with them. They decide how critical the bug is and will work hard to get the fix as soon as possible. If it is a very critical issue (someone could gain admin-access by something) they will send out an email that there will be a bugfix coming out the next day at 9 o'clock GMT and everyone is advised to update his TYPO3-core or the extension. This is something I really like! To be prepared for some critical fix and knowing that (in a perfect case) no-one should have heard about that issue before who wants to hack my website :) Don't know if there's some similar security-policy in other communities than this :)
Drupal's security process is substantially similar, and also follows security best practices:
http://drupal.org/security-team

--Larry Garfield