Cross-posted with permission from Outlier.com
Responsive, mobile-first web design is the latest trend to take hold of the web design community, and with good reason. With the advent of the mobile OS as a mainstream portal through which people are increasingly connecting to the internet, the needs of these users--and those of the relatively nascent tablet market--are becoming increasingly important. But rather than creating "mobile" versions of websites, which are often riddled with compromise, responsive design creates a single layout that works across all devices.
Drupal.org provides a number of pre-packaged distributions (e.g., Drupal Commons, DKAN, etc.) that allow users get a fully-featured Drupal installation up and running in no time, but maintaining an installed distribution can be tricky. You may need to juggle distribution updates with contrib module updates, core updates, and your own customizations. If you aren't careful, it can be come a maintenance nightmare!
When it comes to building Drupal sites with a team of developers, there's perhaps nothing more important than establishing a productive workflow.
Security issues are created in custom code when developers cut corners during development or don't make proper use of the APIs, among other reasons.
[Update 09/09/2013] I mentioned below that we'd make our scripts available for setting up BPF.