Earlier this month at Drupalcon, the Drupal Security Team held a Birds of a Feather (BOF) session on how to improve communication.

One of the outcomes was to make it clearer which security advisories relate to Drupal core, and which ones relate to contributed add-ons. The other to separate security announcements from security advisories. There are now three new forums, and three corresponding new RSS feeds, available for tracking both security advisories and announcements.

This separation makes it easier for people to tell what they absolutely must pay attention to -- anyone running Drupal should pay attention to Drupal core advisories -- and what they'll have to cherry pick based on the add-on modules they've installed.

This is an important improvement for Drupal Web CMS managers as it will reduce the likelihood that red flag updates will get lost in the noise. See the Drupal Security page for more information.