Security is very important to Concrete CMS. The transparent nature of open source code is a double-edged sword: many developers can contribute security fixes quickly, but those who would exploit security errors can easily see how those fixes are applied. Consequently, the Concrete core team takes security issues very seriously, and works quickly to fix any reported issues.
But that doesn't mean security stops there. Securing the core of Concrete is only part of the solution. As a developer who uses concete5 to build web applications, you'll need to take the same care to ensure that your code is secure. Fortunately, Concrete contains a number of helper libraries and functions to ensure writing secure code is possible and easy to do.