Common Tasks for security team members

Last updated on
21 February 2019

In no particular order:

  • Work issues through the issue queue on security.drupal.org
    • Confirm new issues are valid
    • Review patches
    • Author patches (mostly for core, but also for modules you may care about)
    • Help review Security Advisories
    • Look at all issues on security.drupal.org that have not been updated in 2 weeks and ask for/provide an update to help move them forward
  • Educate others about security
    • Present about a security topic at a Drupal Event (meetup, camp, etc.)
    • Write blog posts
    • Edit the drupal.org handbooks about security
  • Attend one of the semi-annual meetings at DrupalCon
  • Work on issues to make security.drupal.org better
  • Find issues flagged "Needs public issue created", create one, link it from the original issue and close the original issue.
  • Find unassigned issues, and assign them to yourself and then work on them
  • Take a turn on triage duty - see also https://security.drupal.org/handling-triage-list-emails-and-new-issues
    • Respond to all incoming emails, if unsure of what to say check in irc or reply list only with a proposed draft
    • If a maintainer publishes a security release node, an email will be sent to the team. If the issue is real and does not already exist on s.d.o then file an issue, otherwise, use this template.

Help improve this page

Page status: No known problems

You can: