The Drupal Security Team was originally created in 2005. Though we handled security issues before that, we didn't have a team with proper infrastructure until then. At that time, Károly Négyesi (chx) was the team leader. In July 2006 chx changed his role in the team and I promoted Heine Deelstra to be the security team lead. Heine recently stepped down as the security team lead, and I'm pleased to announce that Greg Knaddison (greggles) will be filling this role.

Greg has been a consistent member of the security team and both Heine Deelstra, the security team members, and myself unanimously agreed that Greg is the logical person to head the Drupal Security Team.

For those who don't know Greg, Greg helped write our free handbooks on security and wrote a book about Drupal Security. He has also talked about security and Drupal at many DrupalCons. Greg believes in my idea to automate where possible and empower project maintainers. In the coming weeks he will write blog posts to detail some changes made in the last year toward that vision and some tasks that still remain.

As the Drupal Security Team lead, Greg will be the point person for the team. He'll be responsible for coordinating the security team's activities and for making decisions when consensus doesn't arise.

Greg and I agreed on a target of 2 years for him to be in this role. If appropriate, he may continue in this role longer or be replaced before then, but this target helps to set an expectation about the time period. Setting this expectation should help Greg maintain enthusiasm for this role and increase the likelihood that our community will have continuity when that time is up. Greg works at Acquia and will be given 20% of his time to dedicate to the security team (in addition to using his own spare time).

Please join me in thanking Heine for all the great work he did, and in welcoming Greg.


Lisa Rex (not verified):

Wowza, that's is awesome! Congrats Greg!

sun (not verified):

Thank you, Greg, for stepping up!

Also huge thanks to all other security team members! -- You're doing one of the most important jobs in the Drupal community, and due to our security issue processes, many are not aware of the huge amount of work this actually requires.


eigentor (not verified):

Thanks Heine and a hearty congrats, Greg.
Still haven't read much of "Hacking Drupal", but what I read, I understood Greg is really serious about this topic.

Timeboxed commitment - this I find very interesting and might help some people that fear to be overwhelmed by a big role like this. You can step down after two years without someone calling you a burnout or whatever.