I start follow Backdrop as I have big intranet site with need high security management in D7 and I know sooner or later there will be a case whatever we will try move to D8 or stay with D7. What I believe gonna be the second option as the cost moving very specialised site to d8 will be to high.  I think even maintain it by our self with higher security risk will be still considered much cost optimised then move to D8.

So Backdrop seams nice 3-rd option. Anyway as we choose Drupal back then exactly because of good security management. I need ask how it is or will be managed in Backdrop?

I mean that elements like (which is in Drupal):

  • Security advisories, Security announcement and release process
  • Writing secure code and code review, polices and procedures, best practices
  • Establish Security Team