Forums:
Drupal has a very good track record in terms of security, and has an organized process for investigating, verifying, and publishing possible security problems.
Drupal's security team is constantly working with the community to address security issues as they arise. More information about this process can be found in that section of the handbook.
Is open source software secure?
The short answer is that open source software is as secure or more secure (in general) than commercial software. A good summary of the relevant issues can be found in this article from IBM: The security implications of open source software. The increased security of using open source was cited as one reason the White House switched to Drupal.
How Drupal Addresses Common Security Vulnerabilities
Drupal's API and default configuration are designed to be secure when used in their default modes. Issues like Injection, Cross Site Scripting, Session Management, Cross Site Request Forgeries, and others all have standard solutions in the Drupal API. For a more detailed review of the topic please read the Drupal Security Report.