Greg Knaddison (aka greggles), the author of "Cracking Drupal", talks about some of the Drupal Security processes as well as a Drupal Security White Paper that was primarily sponsored by Examiner.com and Cydeck.
Greg also talks about the CertifiedToRock.com website, which analyzes a drupal.org username and gives it a rating from 1-11 based upon the level of participation within the Drupal community. To give some perspective, Greg was handing out hand-knitted Drupal hats to anyone at DrupalCon with a score of 5 or higher. Some of the highest scores are webchick with a 9, KarenS with a 10 and the top two scores of 11 for merlinofchaos & Dries.
For more information on Drupal Security, be sure to check out Greg's DrupalCon presentation, "Drupal site security for coders and themers".