A study from the North Carolina State University discovered that projects which are using open source libraries are updated 60% more often when using automatic updates via pull requests. The base of the study are 7,470 repositories on GitHub. This blog post is a summary of the most important facts and highlights of the methods, challenges and tools when it comes to use of automation for reaching a higher security level while using open source libraries.
There are 3 main facts why open source updates are a pain for developers
Developers are always busy and doing updates is no fun
Our CEO Manuel spoke at the IPC 2017 in Munich about DevSecOps automation. We took a look around and picked the two other security related sessions which struck our eyes.
Dip Your Toes in the Sea of Security - by James Titcumb
Automatic updates have been discussed since years already. The pro and con of letting Drupal update itself are discussed in different Drupal.org issues queues. It was not a big surprise that Dries mentioned automatic Drupal core updates as part of the strategic roadmap of Drupal in his Driesnote at DrupalCon Vienna 2017.
While working with other agencies and NGOs during the last 1,5 years, we collected more and more information about the time and money that Drop Guard will save your agency. On our website, we claim that Drop Guard will cut your update costs by 40%. CTOs and COOs want to challenge numbers like this and ask how exactly this ROI is calculated. That’s why I want to share the detailed information in this blog post with you.
Security updates are released every Wednesday. If you work in a Drupal shop that cares about security, you have to apply updates for every site every Wednesday or at least Thursday.
With the end of September, DrupalCon Vienna is also coming closer and we can't wait to welcome you to our booth #S08. As a Silver sponsor of the event, we'll have the chance to present continuous update management to you on site. But - we also can't wait to learn a lot from other agencies and attendees! At DrupalCon there's always a chance to learn something new, be it a whole new approach or a connecting piece of unidentified issues - by asking but most of all by listening.
Drop Guard is in a continuous process of optimization and development. As it is still a unique platform concept on the market place, we started years ago with a sketchy blueprint of what Drop Guard is today - and rather will be in future. With this post I will give you a quick overview of what is planned and something which is a little secret between you and me.
When it comes to new tools, different workflows or any other kind of process changes, a company needs to ensure that the changes happen as smooth and resource saving as possible.
Drop Guard will undergo some big improvements this year to keep this switch for our users, developers, small Drupal shops and big agencies, as simple as possible. Besides outside-feedback from customers, we always love to hear the thoughts of our own team members. This time, we want to share an interview with our web developer Serkan Bekdemir, who’s now responsible for the Drop Guard usage in our own company, Bright Solutions.
Enjoy a scoop of honest critique and suggestions!
Manuel, our CEO, and I spent our last Thursday and Friday on the European Drupal Business Days in Frankfurt, Germany. The event was the third of its sort, attracting CEOs, Marketing Managers and other influencer. As the event title might tell in advance, it was a business and marketing tailored session schedule throughout.
After a kicking Keynote from Jeffrey aka Jam, Manuel just jumped on the “sell value, not Drupal code” train with his session “recurring revenue in the Drupal business”. Sure, we all know the power of "content first" but do we really adjust our thoughts and steps to this mantra? I don't think so. Value entails revenue. Not the other way around.
We, at Drop Guard, never stop thinking what else can we do to help Drupalistas around the world to get aboard of the continuous update process ship (as we call it) as soon as possible. More and more threats are being discovered every day, and it's absolutely imperative to stay alerted all around the clock either with help of automation platforms like Drop Guard or doing things your own way.
Let’s see where to start first. There will be a lot of “first” today in this post, that’s really exciting and shows that 2017 started quite encouraging. The Splash Awards took place yesterday in Hamburg - it’s the first time that Germany hosted this Drupal event. The first Splash Awards ever were organized by the Dutch Drupal Foundation in the Netherlands back in 2014 (thank you for encouraging all other countries!).