If you discover or learn about a potential error, weakness, or threat that can compromise the security of Drupal, we ask you to keep it confidential and submit your concern to the Drupal security team.
How we assign CVE's
This page explains a series of steps maintainers need to follow when security issues are reported to the Drupal Security Team
What is a Security Advisory?
The following information explains how the criticality levels as a general guideline for determining security risk levels.
Composed of a set of respected community volunteers, and one of the first dedicated Security Teams in an open source CMS project, the Drupal
At this point we are no longer accepting new D6 LTS vendors applications
How to Join the Drupal Security team
Security team procedures