I've recently seen some recommendations to use hook_hook_info to provide "groups" to core-provided hooks so you can move you

I recently evaluated the Bakery Single Sign-On System aka Bakery SSO aka Bakery on behalf of clients.

SA-CORE-2012-003 fixes an issue in the Drupal installer that enables an attacker to cause the site to use a different attacker-controlled database.

The security landscape is changing. There's been on and off talk about bounties for security vulnerabilities and some firms already buy vulnerabilities (SecuriTeam, ZDI). This also causes me to re-evaluate the value of a vulnerability.