1-3 March 2019

City, University London

Everything You Always Wanted to Know About Drupal Security* (*But Were Afraid to Ask)


Attendees don't need to have any special knowledge.

Session details

In this session, I'm giving a talk about what we should do if there is a bug or eventually a security issue that is discovered in an Open Source project.

As we are in Drupal Community, there are workflows that should be respected to report issues, especially following the Disclosure Policy of Drupal Security Team, most of the Drupal users are still not fully aware of how these issues should be reported, what qualifies a security issue to be a real vulnerability and how contributed projects' maintainers should act when they get warned by an existing security vulnerability in their code base.

We'll talk about previous examples from the last years: how the Drupal Security Team managed to release security updates.
What are the key moments in the workflows of security.drupal.org issues?
Why we should update our websites with at least highly critical updates ASAP?
How we should evaluate risk on a Wednesday evening when a contrib gets security updated aka. What are those codes and scores in a security advisory?
What we eventually should do if we find something in our or in someone else' code?
And many other questions related to Drupal Security will be answered in a story-based talk by a currently Provisional Member of the Drupal Security Team!

Skill Level
Session Track

Keynote speakers

Rowan Merewood

Developer @ Google

Saturday AM

Preston So

Director of R&I @ Acquia

Sunday AM

Sally Young

Developer @ Lullabot

Closing Keynote

Drupal apprentices

The best people to train new developers are developers

The Drupal Apprenticeship Scheme will be running a London intake in March. If you are interested in hiring an apprentice or know someone who would benefit from the scheme please get in touch via the link below.

  • Created and run by experienced developers
  • Teaches core skills and best practice
  • Extensive support for businesses and teams

We are also really keen to hear from people who might be interested in mentoring, training and helping us to develop and review training materials to make sure they stay absolutely current and relevant.

Find out more

Join the Drupal Association

The Drupal Association unites a global open source community to build and promote Drupal.

The Association is a not-for-profit organization that relies on individuals and businesses to fund everything they do for Drupal — from drupal.org to DrupalCon and community programs.

Connect with us and support our mission-driven work.

Support the Drupal Association

Hosting provided by