Unfortunately, I keep seeing agencies / freelancers which unconsciously or consciously disregarding TYPO3 security announcements. This is irresponsible! You and each of your TYPO3 developers/integrators & project managers which are working with TYPO3 must be automatically notified.
By email: the official mailing list
Information about security bulletins are always being announced on the official “TYPO3 Announce” mailing list. Every system administrator who hosts one or more TYPO3 instances, and every TYPO3 integrator who is responsible for a TYPO3 project should subscribe to this mailing list, as it contains important information. You can subscribe at the TYPO3 Announce mailling list with little effort.
It’s a read-only mailing list, which means that you cannot reply to a message or post your own messages. The announce list typically does not distribute more than 3 or 4 mails per month. However it is highly recommended to carefully read every message that arrives, because they contain important information about TYPO3 releases and security bulletins.
By joining the TYPO3 Slack Community
Nowadays the TYPO3 community communicate at https://typo3.slack.com. You could join the Slack community via (http://forger.typo3.org/slack). There you join the official #announcements channel, install the client app on your mobile device (and you’re done).
there are some additional communication channels to stay up2date on security advisories:
Assuming you use Twitter there is also an official Twitter account @typo3_security which you should definitly follow.
Subscribe the Security Bulletins RSS feed if you love and follow RSS feeds.
There is an official TYPO3 Security Guide.
Take TYPO3 security seriously!!!1
…at least from now on. ↩