So, I'm writing from Drupalcon Is Drupal an Enterprise Solution? which is an interesting and awesome presentation.
Web application security
Secondly, Rasmus this morning had some great quotes this morning. jeff captured one that I really liked:
When I'm surfing around to find hackable sites, I love to find hand-rolled CMS systems. I know I can hack them in a heartbeat. If I see a site is running on Drupal, or Joomla!, or another CMS? I know there may be a hole, but as soon as they fix that hole, everyone using them is safe.
But there was another fun one from Rasmus. He was talking about his XSS XSRF scanner and how about half of the major banks that he scanned with it had major security problems. He wanted to release his tool as an open source tool, but was concerned about the frequency of the bugs it found and how many companies would be exposed overnight with problems that would ruin their banks/customers. That would be sad. So, as he discussed this he was like "yeah it would be nice to release to the world because it works pretty well but..."
"I didn't want to be the guy that released the tool that broke the whole web."
Yeah. I think we all agree that we don't want to be "that guy."
Open Source in the "enteprise"
Someone from the audience (who works for the US government) dropped this quote:
"build" vs. "buy" vs "assemble and extend"
That's really valid and I hadn't heard it before. "build vs. buy" we're all familiar with. But where does open source fit into that equation?
Getting More Folks to Adopt Drupal
Final quote I just heard was in response to the question of how do we get everyone to drink the Drupal "Kool-Aid"?
Chant! Chant! Drink! Die!