Well in spite of all the Drupal issues discussed in the InfoSec community lately, we’ve chosen Druapl for our blogging platform. After much research it still seems to have the smallest attack surface area of any of the major platforms. Short of writing our own blog, which doesn’t sound like fun at all, we’ve had to choose a major player in the space. And in this case, the Drupal team has recently proven to be quite responsive to what seems to be exploits that were responsibly disclosed. And that’s all you can really hope for in this environment.