Promoting Drupal security
As many of you might remember, we setup a security announcement newsletter, a history of all security advisories, and an RSS feed with the most recent security advisories. We strongly advised Drupal administrators to sign up for the list. With the recent drupal.org survey we asked people if they are subscribed to either the Drupal newsletter or the Drupal security announcements, and if so, how. Turns out that a fair amount of survey participants were not subscribed to either mailing list (see graph, read more). Additional research showed that the security announcements page is not very popular in terms of page views and that, to date, only 850 people subscribed to the security announcements by e-mail ...
To that extent, we created a new ad and put it into rotation on the drupal.org main page:
By periodically featuring a security ad on a prominent spot, we hope to generate some more visibility for the security announcements and to create some awareness with regard to the importance of tracking security advisories. We invested quite some time in setting up the security infrastructure. There is no reason not to use it. Thus, If you haven't subscribed to the announcements yet, visit the security page or check the newsletter settings under my account >> edit >> my newsletters.
(Thanks to Bert Boerland and Jamey Boje for creating the ad.)