How can plugin and theme developers keep up with security recommendations? I only stumbled upon this by accident… screen-capture from Slack.
When new security recommendations are made, the stakeholders need to know about it. If we don’t know about new recommendations, we won’t update what we’re doing. In that case, we’ll only ever be chasing security instead of getting in front of it. Is there any plan to create a blog for security related items, or to notify stakeholders when fundamentals change? I don’t have time to keep up with WP (or even Git discussions) for the most part.