We've just added a page detailing CiviCRM's security policy and release process.
This page is intended to help people identify how they can stay abreast of security updates, know when to expect them, and how to tell which release of CiviCRM to expect security fixes for.
If you maintain or operate a CiviCRM site (or sites!) then you this is a page you should be familiar with, and there are a few actions you should take -
Sunday 20th and Monday 21st April was CiviCRM Bootcamp in Melbourne - an excellent couple of days of training, discussion, and discovery.