A study from the North Carolina State University discovered that projects which are using open source libraries are updated 60% more often when using automatic updates via pull requests. The base of the study are 7,470 repositories on GitHub. This blog post is a summary of the most important facts and highlights of the methods, challenges and tools when it comes to use of automation for reaching a higher security level while using open source libraries.
There are 3 main facts why open source updates are a pain for developers
Developers are always busy and doing updates is no fun
Our CEO Manuel spoke at the IPC 2017 in Munich about DevSecOps automation. We took a look around and picked the two other security related sessions which struck our eyes.
Dip Your Toes in the Sea of Security - by James Titcumb
While working with other agencies and NGOs during the last 1,5 years, we collected more and more information about the time and money that Drop Guard will save your agency. On our website, we claim that Drop Guard will cut your update costs by 40%. CTOs and COOs want to challenge numbers like this and ask how exactly this ROI is calculated. That’s why I want to share the detailed information in this blog post with you.
Security updates are released every Wednesday. If you work in a Drupal shop that cares about security, you have to apply updates for every site every Wednesday or at least Thursday.
With the end of September, DrupalCon Vienna is also coming closer and we can't wait to welcome you to our booth #S08. As a Silver sponsor of the event, we'll have the chance to present continuous update management to you on site. But - we also can't wait to learn a lot from other agencies and attendees! At DrupalCon there's always a chance to learn something new, be it a whole new approach or a connecting piece of unidentified issues - by asking but most of all by listening.
When it comes to new tools, different workflows or any other kind of process changes, a company needs to ensure that the changes happen as smooth and resource saving as possible.
Drop Guard will undergo some big improvements this year to keep this switch for our users, developers, small Drupal shops and big agencies, as simple as possible. Besides outside-feedback from customers, we always love to hear the thoughts of our own team members. This time, we want to share an interview with our web developer Serkan Bekdemir, who’s now responsible for the Drop Guard usage in our own company, Bright Solutions.
Enjoy a scoop of honest critique and suggestions!
A lot of Drupal community members, who are interested in or already use Drop Guard, were waiting for this ultimate guide on continuous security in Drupal. Using Drop Guard in a daily routine improved update workflows and increased the efficiency of the website support for all of our users. But there were still a lot of blind spots and unexplored capabilities such as using Drop Guard as an "SLA catalyser". So we've stuck our heads together and figured out how to share this information with you in a professional and condensed way.
Were you too busy to join our live webinar on 06/20? No problem, we present you the whole story right here:
Enjoy 30 minutes about how to
- sell support contracts with value to your clients
- automate update processes to save developer time
- establish a support process with existing resources
- maximise data security for clients as added value support
To join, use the following YouTube link.
Most Drupal shops depend on a transactional business model which requires hunting for new projects every month. Building Drupal applications is a great base to add more value to your business by selling support contracts, to grow your recurring revenue and deliver continuous value for your clients that have built their online business with Drupal. Using the transactional project business strategically to sell support contracts can help Drupal shops to grow fast and sustainable.
If you want to grow recurring revenue by providing SLAs for your Drupal projects, automation is THE key to offering a reliable response time. Of course, you could build a dedicated 24/7 support team, but the cost will be exorbitant. There are many tools out there for digitizing your support and automating some of the processes.
Automation will save you resources and simultaneously prevent mistakes. Nevertheless, at some points along the support process, there should be people in contact with your client. Support is also a kind of marketing that you get paid for! That's why a well-defined support concept is the key to success.
Selling support is not so easy. Mostly you end up with agreements such as getting paid only if there’s a support request. If you want to provide reliable support with a well-defined response time, you need to allocate resources constantly, and that's why you need to get paid separately for the response time. The value for your customer is clearly that an experienced user, who also knows details of the project, is available whenever he or she is needed. A support contract with a well-defined response time keeps at least some of the project team members available, so the knowledge doesn’t get away.