Putting to rest, once and for all, the FUD surrounding Drupal Security.
In case the banner imagery isn't enough to convince you that the world is moving on from the Drupal security discussion (yes, they are Drupal users. Thanks Acquia for the image), the following will assist:
- The Acquia Drupal Platform is trusted by highly security-conscious customers like the Australian government, US Department of Defense and the European Commission.
- Acquia is compliant with security standards and certifications such as SSAE16 (SOC1), ISO 27001, PCI-DSS, HIPAA, SOC2 and (as of Mar 2015) is in the process of becoming FedRAMP compliant (US Federal Risk and Authorization Management Program). More information is available here.
- Drupal is designed to prevent critical security vulnerabilities, including the Top 10 security risks identified by the Open Web Application Security Project (OWASP).
- Drupal has proven to be a secure solution for enterprise needs and is used in high-profile, critical websites, such as whitehouse.gov and many others.
- Acquia Cloud is built to ensure that Drupal sites are hosted securely in accordance with best practices.
- Acquia has a 100-page Security and Compliance package which can be provided under a signed NDA; please contact us if you'd like a copy.
- The Drupal Security Team includes approximately 40 people. The security team created a framework to report and prioritize the mitigation of security vulnerabilities discovered both in Drupal core and in Drupal contributed modules.
- You can read more about the Security Team goals here.