The TYPO3 Security Team has been founded in 2004. Real-life meetings mainly take place during the TYPO3 Snowboard Tour. If you are interested in contributing, please contact us.
Vulnerabilities that affect TYPO3 admins (BE user) and TYPO3 Install Tool as part of the standard Core Review Process. This means such vulnerabilities are treated as bugs and working on them is visible for everyone. The reason for this change is that using the Install Tool and being a TYPO3 admin requires the highest priviledge in TYPO3 context. TYPO3 admins don't need to exploit vulnerabilities to do harm on an installation.
Therefore TYPO3 admins should always be carefully selected.