Keeping up with Drupal security updates is key to protecting your site, but assessing contrib module security before implementation is just as important. In a new guest post on the Pantheon blog, Mediacurrent Senior Drupal Developers David Younker and Joshua Boltz share a practical guide for sizing up the security of contrib modules.
Try this 7-Step Security Inspection
To ensure a safe and solid foundation for your Drupal site, consider this 7-point assessment:
1. Has the module maintainer opted in to the security coverage?
2. Have you checked for the latest security advisories and release updates?
3. Are you using the recommended version of the module?
4. Is the module deprecated or unsupported?
5. How many issues are in the issue queues?
6. Do you see any issues in the code?
7. Are you following best practices for patching? (Patch, don’t hack!)
Read More
Check out the Pantheon blog to read the full article.
Additional Resources
Security by Design: An Intro to Drupal Security | Webinar
Guardr for Drupal 8: Meeting Enterprise Security Requirements | Blog