We want to thank Tim Wayne from UAB Collat School of Business for the following security guest post!
Despite the news of security exploits and data breaches that shakes our confidence in information security on a daily basis, one of the biggest threats to security at work continues to be carelessness — at least according to the majority of business owners and managers as illustrated in the graphic below.
Dublin, 27. Sept. 2016. “Describe the DrupalCon in just one word!” - “EXCITING!”
First of all, I want to thank everyone who made my first DrupalCon this awesome and extra special!
Our whole team enjoyed a week full of new experiences, great sessions and - of course - old and new friends! The place, Dublin, was perfect to “seal” a new friendship or strengthen an old one with a good morning coffee (thanks to Commerce Guys by actualys and Mailchimp, the two coffee break sponsors!) or a good cold Guinness (I tried to remember the bar names, but actually I guess I sealed a lot of new friendships..).
Only 20 days are left until we head to Dublin to join the DrupalCon 2016! It’s the first time that we, the Drupal agency team from Bright Solutions (which is the "birthplace" of Drop Guard), arrive at a Con only with our Drop Guard team, so we can focus on our most famous contribution to the Community: our update management service tool “Drop Guard”.
Yes, we’d be happy to show people the great values which Drop Guard provides - but most of all we look forward to personal and honest conversations to progress in our work and as part of the Community!
Being casual about open source security is not funny. Headlines like the Panama Papers this year showed that an improvident dealing with security and updates can cause a huge damage. Fees are still a crucial reason for people to hesitate to secure their business by using charged services. This is not a pitty - this is grave.
There are many people out there who give a lot without receiving a reward. They see more benefits in helping and strengthen people, any kind of living being or purpose than in a regular salary.
More and more, midsize companies are excited by Drop Guard, recognising the benefits and values of using this tool.
This time we want to present undpaul to you, a Drupal agency from Hannover, Germany, that is built by an enthusiastic team of Drupal developers. Eleven team members support Anja Schirwinski and Johannes Haseitl, founders and CEOs, in their daily effort to please the needs of their customers best.
In doing so, the whole company let Drop Guard support them and let it provide continuous Drupal and website security for their clients. We asked the undpaul about what changed since they started to use Drop Guard on a daily basis.
Our existing users may have already noticed a few changes and improvements in Drop Guard. However, not everything is visible enough, so we decided to make a short list with the recent updates.
Drop Guard is now capable of managing your composer.json and composer.lock files, in the same fashion as you would do it normally via CLI.
When executing the update task, Drop Guard modifies the composer.json to accommodate the recommended module or core version and runs "composer update" command to keep the composer.lock in sync. Both files get pushed to the repository, and the only thing you need to take care about is running "composer install" to receive the updated packages.
As always, Drupal Security Team did an excellent job and the news on the security vulnerabilities reported on Wednesday wasn't a bombshell for most of us. Everyone had a chance to prepare and pre-allocate resources to take all measures necessary to patch the supported websites.
A quick recap for those who missed the buzz or just slowly waking up right now.
Two weeks ago we decided to run a little survey asking Drupal folks one simple, but provocative question “Why I don’t update my website continuously”. I decided to present you the results - and I can tell that some serious voices got out!
First, I want to speak highly of least 38 of 78 participants, who actually update their website continuously and seem to know exactly what happens if they wouldn’t do it.
Were you too busy to join our live webinar on 06/20? No problem, we present you the whole story right here:
Enjoy 30 minutes about how to
- sell support contracts with value to your clients
- automate update processes to save developer time
- establish a support process with existing resources
- maximise data security for clients as added value support
There is no question about the importance of regularly updating your Drupal installation, including core, contribs, and libraries.
No matter how you manage the workflow - by using dedicated tools, custom scripts, or just update the codebase via FTP - keeping the application's 3rd party code always up-to-date is a must for every open source project.
Without getting into the details of why this is important (in fact we believe our readers don't need to be convinced at all), we decided to imagine the consequences of intentionally ignoring all updates in your project or updating the codebase selectively, when some modules get their new versions regularly and the rest remains outdated.