On 8/20/12 3:36 AM, Simon Schick wrote:

One thing I also really like at the TYPO3-philolsophy: If someone
finds a security-issue he should immediately get in contact with the
developers (of the extension and the TYPO3 security team) and discuss
the issue with them. They decide how critical the bug is and will do a
hard work to get the fix as soon as possible. If it is a very critical
issue (someone could gain admin-access by something) they will send
out an email that there will be a bugfix coming out at next-coming day
at 9 o'clock GMT and everyone is advised to update his TYPO3-core or
the extension. This is something I really like! To be prepared for
some critical fix and knowing that (in a perfect case) no-one should
have heard about that issue before who wants to hack my website :)

Don't know if there's some similar security-policy in other
communities than this :)

Drupal's security process is substantially similar, and also follows security best practices:


--Larry Garfield

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to