Is My Drupal Site Secure?

Guided discussion about evaluating the security of a Drupal-based website. The conversation will get started around some basics then open up for Q&A. The session will be "led" by Micah Tapman and Mark Major, two security professionals dabbling in the Drupal space.

Some sample questions to be expected:
- how do I check if my site is secure?
- how often do I need to check my site's security?
- what do I do if my site has a security problem?
- are modules downloaded from drupal.org secure?
- is my site secure if I just use core and very popular modules like Views, CCK, etc.?
- what about securing my site for PCI, SOX, FISMA, or another security compliance framework?

What this session is not for is secure coding standards. We might delve into some technical bits and pieces but in general it's more about building and maintaining a secure site, and making sure that's happening by doing security assessments regularly.

Room: 
Colorado mountains