Karanbir Singh wrote:
eg. I am looking at Drupal for my own site and I find venturing into the modules portion of drupal immediately drops the quality of code, and even the ownership of security issues. It seems Drupal guys dont take on security issues for things that come from the modules or related projects that are being used inside drupal.
We (in my day job) see the same security issues for Joomla based sites when modules are used to extend core functionality. Site developers/owners are quick to extend functionality by installing additional plugins but then don't want the responsibility of maintaining multiple packages/plugins on the server. It just adds a further layer of complexity as any plugins need to also be separately monitored (and maintained) for security updates.