Plone vs Drupal Security

There has been a Twitter exchange between David Straus and Alexander that has escalated onto Straus's blog regarding the relative security merits of Drupal and Plone.  

In my last comment I seem to have hit a nerve because David replied, "Does Plone even have a system for reporting vulnerabilities in modular, community-maintained code?"  While I'm aware of Plone's bug tracking system and security-at-plone.org, I'm not actively involved with security issues as a core developer or an add-on product developer.  I thought I'd turn to the community for a reasoned reply to him.  Would someone kindly hop over to http://fourkitchens.com/blog/2009/04/03/vulnerability-reports-are-not-indications-weakness and set the record straight?  

Thanks in advance

Thanks to Karl for the link and background.

Writers of the report have responded in their own spaces,
<http://www.zenofnptech.org/2009/04/drupal-security-and-other-cms-report-comments.html 
 >
<http://www.idealware.org/blog/2009/04/contemplating-open-source-cms-security.html 
 >

Interesting stuff!

_______________________________________________
Evangelism mailing list
[hidden email]
http://lists.plone.org/mailman/listinfo/evangelism