The Joomla! Project takes security vulnerabilities very seriously. As such, the Joomla! Security Strike Team (JSST) oversees the project's security issues and follows some specific procedures when dealing with these issues.

https://developer.joomla.org/security.html
———
20 Years of Joomla! - A Bright Future Ahead