The Drupal Security Team was originally created in 2005. Though we handled security issues before that, we didn't have a team with proper infrastructure until then. At that time, Károly Négyesi (chx) was the team leader. In July 2006 chx changed his role in the team and I promoted Heine Deelstra to be the security team lead. Heine recently stepped down as the security team lead, and I'm pleased to announce that Greg Knaddison (or greggles on will be filling this role.

Greg has been a consistent member of the security team and both Heine Deelstra, the security team members, and myself unanimously agreed that Greg is the logical person to head the Drupal Security Team.

For those who don't know Greg, Greg helped write our free handbooks on security and wrote a book about Drupal Security. He has also talked about security and Drupal at many DrupalCons. Greg believes in my idea to automate where possible and empower project maintainers. In the coming weeks he will write blog posts to detail some changes made in the last year toward that vision and some tasks that still remain.

As the Drupal Security Team lead, Greg will be the point person for the team. He'll be responsible for coordinating the security team's activities and for making decisions when consensus doesn't arise.

Greg and I agreed on a target of 2 years for him to be in this role. If appropriate, he may continue in this role longer or be replaced before then, but this target helps to set an expectation about the time period. Setting this expectation should help Greg maintain enthusiasm for this role and increase the likelihood that our community will have continuity when that time is up. Greg works at Acquia and will be given 20% of his time to dedicate to the security team (in addition to using his own spare time).

Please join me in thanking Heine for all the great work he did, and in welcoming Greg.


Les Lim’s picture

And thanks to everyone on the Drupal security team, as well.

lindsayo’s picture

Thank you, greggles, for all your amazing work on Drupal security and for continuing to keep us all safe. :P

tgeller’s picture

I'm just glad Greg will have the time to take this on! Such an excellent score -- congrats all around.

Tom Geller * * Oberlin, Ohio
See my videos about Drupal

davidhernandez’s picture

Congrats, Greg. I couldn't think of anyone better.

crimsondryad’s picture

Does this mean there will be a Cracking Drupal for D7? :)

greggles’s picture


Cracking Drupal is already pretty applicable to Drupal 7 since not that much changed from a security perspective.

There are two articles I've written which discuss this:
Improvements to Security in Drupal 7
Cracking Drupal Kindle Edition now available for $14.84 (Still relevant for Drupal 7)

I am working with my editor to try to convince them that a Drupal 7 version would make sense - we'll see if they bite.

Thanks again!

-- :)

benjamin.patch’s picture

It's always great to see yet another Colorado based Druplist rise to such an occasion.

databoy’s picture

That would be Drupalero, senor! ;-)

But I agree with the sentiment, of course... Congrats to greggles, and thanks to Heine for all his work!

databoy’s picture

"... and both Heine Deelstra, the security team members, and myself..."

The 'both' kinda sticks out at me, there. ;-)

braino’s picture

You said Greg will dedicate 20% of his time to the Security Team. Is it breaching security to say that? Maybe it should be edited to read, "an undisclosed quantity of time."

Just saying.