We make it easy for you to keep everyone safe

The Backdrop Security team consists of trusted members of the backdrop-contrib group who have security experience.

Our mission includes:

  • to take the burden of project maintainership off of single individuals, and making it a responsibility of the community to step in when needed
  • to improve the overall security of contributed projects by having multiple people capable of keeping everything up to date

Our responsibilities include:

  • Responding to all contact via the security@backdropcms.org email address.
    • Handling reports of potential new security issues.
      • Communication with the reporter.
      • Testing of potential vulnerabilities
      • Fixing of actual vulnerabilities
    • Managing security releases for existing Backdrop contrib projects.
      • Communication with the project maintainer.
      • Assist with fixes when requested.
      • Updates to project notes on backdropcms.org
  • Collaborating with the Drupal security team on core issues that affect both projects.
  • Following Drupal conrib security releases, and notifying Backdrop maintainers.
  • When Backdrop maintainers are unavailable, creating security releases.
  • Coordinating security releases for both core and contrib.

You may apply to become a member of the Backdrop Security Team by creating an issue in the contrib queue. GitHub members can view a list of people on the Security team.