I start follow Backdrop as I have big intranet site with need high security management in D7 and I know sooner or later there will be a case whatever we will try move to D8 or stay with D7. What I believe gonna be the second option as the cost moving very specialised site to d8 will be to high. I think even maintain it by our self with higher security risk will be still considered much cost optimised then move to D8.
So Backdrop seams nice 3-rd option. Anyway as we choose Drupal back then exactly because of good security management. I need ask how it is or will be managed in Backdrop?
I mean that elements like (which is in Drupal):
- Security advisories, Security announcement and release process
- Writing secure code and code review, polices and procedures, best practices
- Establish Security Team