In the world of music, being able to keep time accurately is vital when playing a piece, as even small deviations in timing can cause the notes played to sound “off.” Ordinarily a device called a metronome is used to provide consistent ticks that the musician can use, but most are not that visually interesting. […]
Enterprise agility is one of the most commonly adopted transformation approaches, and it comes with a lot of challenges. Companies need to reshape their organizational structures, change their operating models and reform old ways of working. Agile transformation involves a big shift in organizational culture, which makes organizations hesitate over it or even neglect it. But eventually, organizations realize its importance, apply agile transformation techniques, and receive immense benefits that help them evolve and move closer towards their goals and aspirations. This article will guide you through the right approach to adopting agile transformation in your organization.
To successfully adopt an agile transformation, you need a plan
To succeed with the agile transformation, you need to clearly understand why you are investing the time and effort to adopt it and what exactly you want to gain from it. It is important to have clarity on what changes you will have to make so that your business can achieve the desired outcomes. For this, let’s first understand the importance of preparing a proper business case for adopting agile transformation at your organization. With the right business case, you can convince decision-makers of the significance of bringing agility into the work culture. Before that, go through what agile development methodology actually means.
Making business case for agile transformation
A business case explains the main objectives of the organization in regards to agile transformation. Generally, adopting agile leads to desired business outcomes but only if it is approached in the right manner. Therefore, it is essential to have some set important goals which will help in the overall growth of the company with agility. Here is an insight into the recommended goals.
The first and foremost goal is to meet customer commitments on time. It helps in building trust between customers and the company leading to customer satisfaction. Secondly, it is essential to maintain high-quality products and services as at times companies fail to deliver suitable services as promised to the customers. This further helps in building a good brand reputation for the company. Thirdly, one of the aims of adopting agility in an enterprise is to efficiently reduce their costs and maximize profits. Lastly, the companies expect an early return on investment with agility as by practicing traditional working methods they struggle with long delivery cycles which do not allow them to receive early return on investment. Read this complete guide on agile transformation to know more.
Now, we will get an overview of the transformation hypothesis to help us approach agility in the right way.
A step closer to agility with Transformation Hypothesis
A Transformation Hypothesis describes the real purpose behind choosing agile transformation. Along with accepting agility, companies have to be flexible enough to embrace change in various working techniques. But sometimes it might not sound comfortable for the employees as they are accustomed to working with the same old traditional techniques. So, in situations where employees aren’t confident enough and are faced with certain challenges, the companies should proactively help them to overcome such difficulties and welcome change. Below are some of the concerns which need to be resolved to strongly practice agility in your organization.
Culture change isn’t the only solution
It is observed that adopting agility brings a big shift in the work culture of an organization, so we assume that the culture change alone will look after all the necessary steps and efforts required to successfully implement such a transformation within the company. But in reality, it isn’t so. There is also a need for proper guidance in forming cross-functional teams which have various functional expertise to increase innovation in products and services. To succeed with agility, the company will have to look upon various factors, apart from considering culture as the only means to improve agility.
Process training alone cannot bring agility
We get to see that employees are given training from coaches to learn new methods and techniques, also expecting them to be capable enough to face any challenges which they witness while practicing agility. But the problem here is, it is nearly impossible to handle technical, governance, and organizational issues by employees with the process education obtained during the training sessions. Such issues need to be resolved by providing essential support to the company employees to tackle such hard situations.
Need for a right ecosystem
To reach the desired level of agility, there is a need for an ecosystem that facilitates continuous improvement to achieve a company’s agility goals and objectives. If a company fails to build the right ecosystem, it will be challenging to sustain agility in an organization for better adaptability and resilience.
Strategize plans according to the size of the organization
One has to strategize plans depending on the size of the organization to sustain agility. For example, the strategy which you will use for transforming a single team will certainly differ from the strategy you plan for a large-sized company having 500 or more employees. In the same manner, if you are leading a group of five to seven people, sending them to training sessions might be sufficient. But if you lead 1000 employees, the planning and arrangement must be executed on a much different level. So, it justifies the fact that the size of the organization is to be considered while adopting agility.
Overcome the challenge of dependency
Dependencies can bring hurdles in successfully attaining agility in organizations. When we have small teams, it is easier to manage dependencies but if we have multiple teams working towards the same goal, it becomes very difficult to handle inter-team communication and collaboration. So, removing dependencies shall be one of the primary tasks. For smooth delivery of products and services, it is very essential to strategize plans to overcome dependencies and develop agility in an organization.
Benefits achieved by adopting agile transformation
Many organizations have received benefits from practicing agile transformation in recent years. They need to put the right agile transformation approach to attain the desired business outcomes with this transformation. The agility in enterprises allows flexibility to adapt new organizational practices and techniques leading to maximization of business value.
Moving forward, we will discuss some of the benefits which are attained by companies adopting agile transformation in their business.
Maximise customer satisfaction
With agility, companies mainly focus on adding value to the customer experience by understanding their requirements and making early delivery of products and services. It helps in evolving customer satisfaction by prioritizing customer feedback to improve the product quality as per their expectations. Enterprise agility allows employees to provide services with expertise, proper collaboration among various teams, and transparency which leads to an increase in customer satisfaction.
Here is an example of Asia Pacific Telco, which adopted an agile operating model to meet customer needs and was successful in increasing customer satisfaction by implementing new ideas and techniques into their work process. Below is the diagram showing the transformation shift towards a positive direction leading to a great customer experience.
Source: McKinsey & Company
Increase employee engagement
Adopting agility gives employees the ability to use their creativity to produce better work performance and results. It gives them a sense of ownership to take all the necessary decisions to improve their work productivity and helps them feel valued in the workplace. Such flexibility helps in increasing employee engagement to a great extent, also empowering companies to reach their desired goals and ambitions. For instance, read how you can build a diverse and inclusive team by leveraging agile techniques.
Raising operational performance
Agility provides organizations with various business models, which in turn helps improve operational performance in line with expectations. With agile transformation, companies gain access to various approaches that help increase the speed of decision making and product development. The target achievement rate improves remarkably in agile companies, which proves to be one of the major achievements of a progressing enterprise.
Growing competence towards changing priorities
With agility, a behavioral transformation takes place among the employees to reach their highest potential in embracing change and innovation. They learn to handle changing priorities within the organization, such as the reallocation of resources to a team that needs support and assistance to survive the challenges which come along with agility. They get comfortable with the changes that take place in their work process and techniques, accepting change for better company growth.
Enhance project visibility
Project visibility provides a clear view of a project's performance, which includes resource allocation, potential risks, and proper distribution of responsibilities. Increased visibility ensures everyone involved in the project understands the objective of the project and their role in meeting the business goals and aspirations. It gives clarity to stakeholders regarding the real-time status of the project. Agility helps in changing any project plan or initiative following customer or stakeholder needs and requirements for better project performance. For instance, read how imbibing agile documentation processes helps improve project management.
Improving Business and IT alignment
Business IT alignment can be regarded as a business strategy that helps in achieving the business objectives leading to improved financial performance. This alignment is necessary to adapt to the constant change in the company and environment due to agility. Therefore, both business agility and business-IT alignment should go hand in hand to maintain company growth and development. For instance, read how the inclusion of agile processes to the testing phases of software development can be immensely beneficial.
Lastly, the most important benefit which we witnessed recently by adopting the agile transformation is the flexibility of working at our convenience during the pandemic of COVID 19. Due to this pandemic, the organizations felt the need for agile transformation rather than sticking to the old traditional transformation techniques which created hurdles in the proper functioning of their business. According to McKinsey’s research with Harvard Business School during COVID-19, agile companies have received better results in comparison to non-agile companies.
Source: McKinsey & Company
Companies sharing their successful journeys with agile transformation
With agility, many organizations have achieved immense success leading their business towards their set goals. Here are some of the companies sharing their success stories which can act as a motivation for everyone to move towards agile transformation.
Ericsson
Ericsson aimed at improving the delivery of products within the stipulated time leading to an increase in customer satisfaction. To achieve this target, they adopted agility in 2008. They implemented cross-functional teams which could focus on specific projects along with building effective communication across several teams. Instead of individual targets, each team worked towards both organizational and group goals to receive desired results. After making such changes with the help of agile transformation, Ericsson could successfully achieve speedy development, faster customer feedback, and generate higher revenue according to desired company standards.
Bank of America
In late 2012, the agile transformation in global markets at Bank of America began. Merrill Lynch, the director of global markets technology at the Bank of America expressed that their main aim was to improve the time to deliver better company solutions and also reduce key person dependencies across his technology team. They adopted Scrum (a specific Agile methodology) also providing an environment to the employees where they could experiment by taking risks to bring exceptional work results. The cross-functional team formation too was encouraged to turn business ideas into working products for achieving company targets. After a year of consistent efforts, they finally succeeded in meeting their business goals with agility.
LEGO
LEGO attained success by adopting agile transformation in early 2018. They adopted this approach in their two large digital departments. After such adoption, they witnessed various improvements in several areas like market engagement, digitalization, and reduction in project delivery time. This further brought a sense of motivation and satisfaction among the employees. So, with this transformation, LEGO could set a successful journey of embracing change.
To get more insight on a company's smooth agile transformation, you can go through this book- “Agile Transformation: A Brief Story of How an Entertainment Company Developed New Capabilities and Unlocked Business Agility to Thrive in an Era of Rapid Change” which will give you an idea about a company in the entertainment industry who got excellent results by adopting agility in its work culture. This will be a good read.
Here is a video presented by Scrum Alliance about IBM’s wonderful experience of learning, implementing, and overcoming challenges with agile transformation. Without any further wait, take a look at their exciting agile transformation journey.
Final thoughts
Agility is an approach to drive performance and provide endless innovation to organizations. Adopting this transformation can break the old traditional working methods, enabling organizations to achieve tremendous growth and advancement in business. So, organizations will have to step out of their comfort zone and strive for something new which can deliver exceptional business outcomes.
The second feature release of Drupal 9 helps keep your site even more secure, and comes with increased visitor privacy protection, improved migration tools from Drupal 7, enhancements to the Olivero frontend theme and early support for the WebP image format.
Critical security advisories and public service announcements will now be displayed on the status report page and certain administration pages for the site's administrators. This helps prepare site owners to apply security fixes in a timely manner. For increased privacy protection of your site visitors, Drupal 9.2.0 now blocks Google Federated Learning of Cohorts (FLoC) cookie-less user tracking by default.
Better building blocks out of the box
The Olivero theme, soon to be Drupal's new default frontend theme, has dozens of major improvements in this release, including a new form design and various accessibility fixes. The built-in Umami demo is now also more flexible with a built-in editor role and more versatile Layout Builder demonstration.
On the way to Drupal 10
In preparation for Drupal 10, all Symfony 5 and several Symfony 6 compatibility issues have been resolved. As part of modernizing the frontend of Drupal 9, core's Tour feature now uses ShepherdJS instead of jQuery Joyride. This significantly improves accessibility of tours and removes one more reliance on jQuery.
Other improvements
The already stable migration path from Drupal 7 is now expanded with migrations for user settings, node/user reference fields and other previously missing pieces.
Drupal's GD toolkit integration, and therefore image styles, can now manage WebP images. There is more to do for complete WebP support. Stay tuned for improvements in future releases.
Sneak peek at future core features
The upcoming core CKEditor 5 upgrade is being worked on in a contributed project. Progress has been made on various aspects of the roadmap, and the project is near to completing all issues identified as requirements for tagging a beta release. Core inclusion is expected in Drupal 9.3.0, but contributed projects are requested to build compatibility ahead of that.
The Automated Updates Initiative has been very active in the repositories under https://github.com/php-tuf building a PHP implementation of The Update Framework (TUF) with Typo3 and Joomla developers to provide signing and verification for secure PHP application updates. Results will be included with later Drupal releases.
Check out the initiative keynotes from DrupalCon North America 2021 on what else is in the works.
What does this mean for me?
Drupal 9 site owners
Drupal 9.0.x is now out of security coverage. Update at least to 9.1.x to continue to receive security support.
Drupal 8 site owners
Update to at least 8.9.x to continue receiving bug fixes until Drupal 8's end of life in November 2021. The next bug-fix release (8.9.17) is scheduled for June 7, 2021. (See the release schedule overview for more information.) Versions of Drupal 8 before 8.9.x no longer receive security coverage.
With only five months left until the end of life of Drupal 8, we suggest that you upgrade from Drupal 8 to Drupal 9 as soon as possible. Upgrading is supported directly from 8.8.x and 8.9.x. Of the top 1000 most used drupal.org projects, 94% are updated for Drupal 9, so the modules and themes you rely on are most likely compatible.
Drupal 7 site owners
Drupal 7 is supported until November 28, 2022, and will continue to receive bug and security fixes throughout this time. From November 2022 until at least November 2025, the Drupal 7 Vendor Extended Support program will be offered by vendors.
On the other hand, the migration path for Drupal 7 sites to Drupal 9 is stable. Read more about the migration to Drupal 9.
Translation, module, and theme contributors
Minor releases like Drupal 9.2.0 include backwards-compatible API additions for developers as well as new features.
Since minor releases are backwards-compatible, modules, themes, and translations that supported Drupal 9.1.x and earlier will be compatible with 9.2.x as well. However, the new version does include some changes to strings, user interfaces, internal APIs and API deprecations. This means that some small updates may be required for your translations, modules, and themes. Read the 9.2.0 release notes for a full list of changes that may affect your modules and themes.
This release has further advanced the Drupal project and represents the efforts of hundreds of volunteers and contributors from various organizations. Thank you to everyone who contributed to Drupal 9.2.0!
Did you catch the very cool Raspberry Pi Pico piano project shared on the latest Digital Making at Home livestream? The sibling maker group from the GurgleApps family, Amelie, Caleb, and Ziva, chatted about how they got into coding before inviting us into miniature musical mayhem. What do you need to make a Raspberry Pi…
Drupal 7 will reach end-of-life (EOL) in November of 2022, which means that at least a half million webmasters & site owners have some decisions to make. What’s the next step for your organization’s website? What sorts of costs might you be looking at for this upgrade? What timeline can you plan on for this change? All good questions.
If you’re interested in this topic, take a moment to register for our Director of Engineering, Joel’s free webinar coming next week. He'll be covering aspects of these options in greater detail.
Webinar, June 23rd:
Options for upgrading your Drupal 7 or Drupal 8 site
The Drupal ecosystem of core and contributed modules is protected against hackers, data miners, automated exploits and other malicious actors by the Drupal Security Team — more than thirty developers working across three continents in almost a dozen countries to keep Drupal websites safe. The security team responds to reports of potential weaknesses in the Drupal core or contributed code and coordinates efforts to release new versions of the software that address those vulnerabilities.
The more than a million Drupal developers worldwide going about their day-to-day development tasks act as a passive network of quality control agents. Developers who discover security vulnerabilities while working with the code can confidentially report them so that the security team can go about fixing the problem before knowledge of the vulnerability is widely available. A million worldwide developers backing a thirty-something strong team of elite developers spells security — for your website, your data, and your organization.
In November of 2022, that all comes to an end for Drupal 7. That’s when the security team will officially retire from the Drupal 7 project in favor of modern versions of the platform. As new vulnerabilities in the code are discovered (and made public) you won’t have anyone in your corner to fight back with new security releases.
After EOL you can expect what’s left of the Drupal 7 community to move on, too. That means no new modules, new themes, or other new features built for the platform. It also means the pool of developers specializing in Drupal 7 starts to shrink very fast. If you’re still on Drupal 7 in late 2022, you’re out in the cold.
The good news is that there are options. Here are my top three picks:
Drupal 9: Drupal is dead, long live Drupal
Drupal 9 is the most modern iteration of the Drupal framework and CMS. It introduces a completely reimagined architecture and a rebuilt API more in line with modern development standards.
- Cost: High
- Build Time: High
- Longevity: High
- Support: High
Upgrading your site to the latest version of Drupal (9.1.10 at the time of this article) is, in most cases, the right move. Modern Drupal has grown to support a wide array of innovative features in core. Improved WYSIWYG content editing, a feature rich Media library, advanced publishing workflows, and rich JSON API are all available right out of the box. Couple that with Drupal’s new, highly modern architecture built on Symfony, the adoption of the Twig templating engine, and dependency management via Composer and you really do Build the best of the web in terms of technology, support, and longevity.
When you make the move to Drupal 9 you can count on Drupal’s huge and thriving community of developers (and security team) making the move right along with you. Existing modules from previous versions of Drupal are either — in almost all cases — already available, now packaged into core, or making their way to Drupal 9 at this moment. It’s very likely the agency you’re already working with has or is building a Drupal 9 proficiency, and it’s guaranteed that hundreds of other shops can pick up the slack in the odd case that your provider isn’t on board yet.
Finally, let’s not forget Drupal’s commitment to easy future upgrades which promises continuity in architecture that should facilitate easy upgrades to Drupal 10 and beyond. Gone are the days (probably) of “rebuild” style upgrades like those of Drupal 6 to Drupal 7, or Drupal 7 to Drupal 8/9.
Cons
Speaking of “rebuild” style upgrades... upgrading from Drupal 7 to Drupal 9 is one of them. While it could be your last major upgrade if you stick with Drupal for the long haul, moving from Drupal 7 to the more modern 8/9 and beyond architecture is a very heavy lift. For most organizations the move to Drupal 9 is the longest term, most feature-rich, most supported, and most modern option, but it generally entails a complete rebuild of your site’s backend and theme which basically means starting from scratch. Take a look at Joel’s post about the upgrade from Drupal 7 to Drupal 8 for more information — the process is comparable to a Drupal 7 to Drupal 9 upgrade.
Backdrop CMS: The same, but different
Backdrop CMS is a lightweight, flexible, and modernized platform built on Drupal 7 architecture with notable improvements. The software is a fork of the Drupal 7 code and boasts a simple, straightforward upgrade path.
- Cost: Low / Medium
- Build Time: Low / Medium
- Longevity: Medium / High
- Support: Medium
Drupal 7 sites moving to any other platform — including Drupal 8 / 9 — must be rebuilt. That’s not the case for Backdrop CMS, which gives you the option of protecting your investment in an existing Drupal 7 website and reaping the benefits of modern features like configuration management and advanced layout control. Backdrop CMS will prioritize backward compatibility with Drupal 7 until at least 2024, meaning that even fully custom Drupal 7 code — with very minor modifications — should work in the Backdrop CMS ecosystem. A large selection of widely used Drupal 7 modules are already available for Backdrop CMS, and more are on the way. And while backwards compatibility is a major selling point for Backdrop CMS, its architecture is forward thinking with the introduction of classed entities and an object-oriented approach to all of its new components and features.
While the Backdrop CMS developer community isn’t particularly large, Drupal 7 and Backdrop CMS development skill sets are virtually interchangeable for the time being due to the almost identical API. There’s also considerable overlap on the Drupal 8/9 front due to Backdrop’s preference for object-oriented code in all of its newly added features. That means your existing Drupal developers can help you make the switch, and while the upgrade process isn’t exactly seamless it’s definitely a far cry from a complete rebuild.
Backdrop CMS also has its own security team, which — for now at least — works closely with the Drupal security team. Active development for the current version of Backdrop CMS is planned through 2024 according to their Roadmap, with the next version of Backdrop CMS promising an even easier upgrade path compared to the Drupal 7 to Backdrop CMS upgrade.
Cons
Backdrop CMS implements both Drupal 7 style procedural coding and Drupal 8/9 style object-oriented coding, which in theory means that it caters to a wide range of developers. In practice it’s hard to predict the future of any up-and-coming development community. That makes the outlook for long term support a little opaque, in that it’s hard to say just how many developers will be supporting Backdrop CMS and building new features for it down the road a couple of years.
Also, while Backdrop CMS absolutely prioritizes backwards compatibility with Drupal 7, a greater number of contributed and custom modules in your existing site could complicate the upgrade process. Simpler Drupal 7 sites with fewer contributed and custom modules would probably encounter a low effort to complete the upgrade, while sites with a greater number of contributed and custom modules are likely to see a medium effort as some of those modules may need to be converted.
Drupal 7 Vendor Extended Support: Don’t move a muscle
Drupal 7 ES is the “do nothing for now” option. A small collection of approved and vetted vendors will be providing security updates and / or critical patches for Drupal 7 core and contributed modules following a variety of vendor-specific plans.
- Cost: Low
- Build Time: None
- Longevity: Low / Medium
- Support: Medium
The biggest plus here is simple: No further action is required at this time. If you’re planning to work with a vendor that provides extended support for Drupal 7, you won’t need to take any action to protect your website from aging software until Drupal 7 EOL in 2022. At that point, you’ll need to plan on a flat or adjustable monthly fee through the end of 2025 — or possibly beyond. This could mean avoiding major strategic and financial decisions regarding your digital strategy for at least a few years, and all at a cost that (depending on the size of your organization / website) is probably a fraction of the cost of a software upgrade.
With the Drupal 7 EOL recently extended until November of 2022, many of these Vendor Extended Support plans haven’t fully materialized — so details are still forthcoming. Agencies like Tag1Quo or MyDropWizard advertise services from a surprising $15 / month to $1250 / month for a range of beyond EOL Drupal support plans. Acquia and Lullabot are also named by Drupal.org as ES vendors — but without any specifics about pricing or support levels. While the picture isn’t entirely clear yet, availability of an affordable ES plan is virtually guaranteed by 2022.
Cons
Drupal 7 Vendor Extended Support may protect you against vulnerabilities and exploits discovered after Drupal 7 EOL, but community support will be all but dead by that time. That means no new features or modules will be released and the pool of Drupal 7 developers will be rapidly drying up. Unless you have an in-house development team, you can plan on your website coming to a standstill in terms of new features.
The number of contributed and custom modules your site implements has an impact here, too. The greater the number of custom and contributed modules, the greater the effort you can expect in supporting those modules beyond EOL.
Another concern with Drupal 7 ES is PHP 7 end-of-life. Once PHP 7 (the language Drupal 7 is largely built on) is no longer supported towards the end of 2022, you can expect the security of your Drupal 7 site to rapidly degrade. Updating Drupal 7 to be compliant with the newer, more secure PHP 8 is doable — but you can expect it to be a difficult process.
Finally, it’s likely that you will still need to consider upgrading to a supported platform in the future if your website will need to change and adapt in the coming years. You can expect this process to become more challenging as time goes on and the gap between your existing website and modern platforms grows ever larger.
Taking the first step
There are other options, too. Moving from Drupal 7 to another platform entirely (WordPress?) could make the most sense depending on the complexities of your website. Moving to a less robust CMS could be nominally more cost effective than an upgrade to Drupal 9, but it also bakes in some hard limitations to what your website will be able to do.
If you haven’t already, take a minute to register for Joel’s free webinar coming June 23rd. He'll be walking through a few of these options and more.
Webinar, June 23rd:
Options for upgrading your Drupal 7 or Drupal 8 site
A lot of organizations are beginning to evaluate options for their Drupal 7 sites. The best way forward depends largely on your goals as an organization, your ambitions for your digital presence, and the amount of time and effort you’re willing to invest. We’d love to consider your questions or learn more about the specific challenges you’re facing as you sort through your options. Get in touch today with your questions about upgrade paths from Drupal 7.
Eric Toupin
Stream Decks have gained a great deal of popularity within recent years. However, increased demand and a limited supply of them has caused their prices to skyrocket and availability to dwindle, leading many to seek alternatives. The streamer known as CoCoaCoCi has created a DIY Stream Deck before, but this first iteration only had a 3.5” touchscreen […]
The post The Crumble Deck is a Stream Deck alternative based on an Arduino Due appeared first on Arduino Blog.
When someone tweets a link from your website, Twitter can use Twitter Cards to attach rich photos, videos and media to Tweets.
By doing some minimal configuration changes on your Drupal site using the Metatag Module and the Twitter Cards submodule, users can see a “Card” added below the tweet that contains neatly formatted information coming from your website, as shown in Image 1 below.
The cards are generated using HTML markup in the HEAD region of your Drupal site; that’s why the Metatag module is used.
Twitter will scrape your site and generate the card using the HTML meta tags.
Imagine you created something and that something is a software. You wanted your creation to be used by as many people as possible, you wanted to make it universally accessible. So, you did just that, you made the software source code accessible so that anyone could inspect it, modify it and enhance its capabilities.
This is the scenario that makes open source software what it is: a publicly accessible tool that is all for the community. It honours open exchanges, collaboration, transparency and perpetual, community-centric development. These principles have made open source software immensely popular today. And here is proof of that.
Source: GitHub
Many of the public repositories, like PHP, Java and .NET, use open source software, and in heavy numbers. If we look at the revenue open source software is generating, the numbers are again quite impressive.
Source: Statista
All these numbers speak volumes to the efficiency of open source software. However, if there is one aspect of open source software that needs some kind of assurance, I’d say it’s open source security. The reason is probably the fact that OSS is completely open for everyone, so it is assumed that something with this level of openness cannot be secure.
In this blog, we’ll try to find an answer to the question, ‘what is open source security’ and see whether it is actually secure or not.
What Is Open Source Security?
Today, businesses try to leverage multiple pieces of software in their efforts to move forward in technology, and open source is omnipresent in these efforts, be it just for its code.
Source: Synopsys
The reasons for this elevated usage of open source components are plenty.
- The fact that you get to try the software before you buy it;
- The fact that support is free;
- The fact that there would be fewer bugs to deal with and faster fixes;
- The fact that software security would improve.
To know more about the power of open source, read about the perks of being an open source contributor, leadership in open source, why are large enterprises investing in open source, why is open source recession-free, impact of open source during Covid-19 pandemic, and the significance of diversity, equity and inclusion in open source.
All of these make open source software quite pleasing to the eye. The last point that I mentioned may be the most pleasing factor of them all. But why? What is open source security? Is open source insecure? Let’s understand just that.
Like any other software out there, OSS goes through two main stages: development and production. Open source security works in both of them, managing and securing the OSS at all times by using certain tools and processes; all of this is usually done through automation.
In the Software Development Lifecycle, open source security has three main responsibilities:
- It identifies open source dependencies in your applications;
- It provides critical versioning and usage information;
- And it detects and warns about any policy violations and its consequent risks.
Moving on to the production phase, open source security continues to work diligently. Its main duty at this point is to focus on any and all open source vulnerabilities. It does so by:
- Monitoring vulnerability attacks;
- Blocking vulnerability attacks, if possible;
- And most importantly, alerting you for the same, thus making you ready to take action against them.
Be it a community driven open source or a commercial one, open source security works in much the same way.
The initiative focuses on aspects like vulnerability disclosure, security tooling and best practices, identification of threats and even digital identity attestation. All of these only aid in securing your projects, critical and otherwise, in a much better and efficient manner.
Is Open Source Good for Security?
The answer to the question ‘How does open source security work?’ is not a linear one. But if I had to answer it, I’d say open source security is nothing at all like Microsoft, which should provide a lot of clarity to you and instill a sense of faith in OSS.
According to Snyk’s The State of Open Source Security 2020 report:
- Open source ecosystems have expanded by a third in 2019;
- Open source security culture is focusing on shared responsibility;
- Open source vulnerabilities have reduced by a fifth.
On top of this, the most frequently reported open source vulnerabilities did not have a high impact on software projects.
These facts were enough for me to believe in the capability of open source security. However, for you, I am going to provide four more reasons.
Security that is transparent
The main benefit of open source security is that it is transparent. What I mean by transparent is that its source code is open. You can get information about the code base and potential bugs.
People can sift through the source code of any open source project and improve any imperfections, which would not have been possible if the source code wasn’t open. This further means that there won’t be any surprises as the chances of any malicious functionality would be quite slim with this level of scrutiny.
Security that is reliable
This advantage is related to the previous one. OSS openness has made it possible for its code to be continually tested.
The online community, which is responsible for developing the code, is behind these tests, making the software more reliable and trusted. The software developed on such trust would most likely never crash and fail.
Security that provides quick catches and fixes
After transparency and reliance comes the benefit of quick fixes. The open source community is again to be thanked for this. The many contributors of open source make it possible to detect any bugs and flaws and quickly patch and fix them, without any elongated downtime for your applications.
Security that is sustainable
Open source software isn’t going to go anywhere, and nor would open source security become antiquated. The reason would be its growing community that would continue to expand indefinitely. Therefore, the platform would continue to improve and you would have the assurance of better security means as time continues to move ahead.
At the heart of every benefit of open source security is its openness and community. Is open source a security risk? Not really. Is it a foolproof solution? Again, not really. Yes, open source security cannot provide you the guarantee of being foolproof at all times, but the fact that open source security at least provides a better chance of being secure is enough to make it advantageous for us; after all, are there really any guarantees in life?
Are There Challenges That You Need To Overcome?
Moving on from the pretty picture of open source security, let’s focus on the dark side of the concept. Open source security isn’t always full of the joys of spring; there are certainly challenges that need to be overcome. Since open source has become prevalent in every business sector, so have the open source security vulnerabilities.
Open source vulnerabilities by business sectors | Source: Synopsys
Ironically, most of the challenges coincide with the openness of an OSS, so the benefits become the drawbacks. Let’s take a look at them.
The openness isn’t without vulnerabilities
Much like any software out there, open source also comes with some vulnerabilities. Yes, the open source community aids in the remediation of these flaws, but they tend to widen the difference between open source safety and open source attacks.
Vulnerabilities reported in OSS | Source: WhiteSource Software
Yes, open source comes with its fair share of vulnerabilities; from XSS to information exposure, there is everything, and these vulnerabilities keep changing year after year.
However, there is a silver lining in this challenge and that is the impact of these vulnerabilities.
Source: Snyk
XSS is one of the most reported vulnerabilities; however, it only impacts a low number of projects. This can be considered as a positive outcome of this particular challenge.
The openness lures attackers
The OSS code is open for everyone and so are its vulnerabilities; and we certainly know that everyone includes people with malicious intent as well. So, open source vulnerabilities become an easy target for attackers.
The National Vulnerability Database, a platform that publicly provides information about open source vulnerabilities, isn’t helping this challenge much. Don’t get me wrong, such platforms are indeed helpful in identifying the problems, but considering they are public and open, the attackers get their arsenal for the next target.
You may think that the known vulnerabilities should get fixed before the attackers are lured in by them. But that is easier said than done. The problem here is that the open source vulnerabilities are published on multiple platforms, thus tracking them becomes difficult. Even if they have been located, updating, patching or fixing can require some time and during that phase, you’d be at risk.
The openness might overlook quality
There are a number of people who contribute to open source security and you cannot be sure that all of them would be security experts. Everyone in the community will not have the same level of skills and expertise. Therefore, the way they would create a piece of code would be different. This makes quality assurance a task that could almost be impossible to take on. Furthermore, the fact that there are no set standards for the quality of open source code makes it all the more convenient to overlook quality.
All of this means that the quality might be overlooked and even compromised. The fact that only 8% of the WhiteSource survey respondents were concerned about the quality is a testament to this challenge.
OSS may be free to use, but it does come with a number of licenses that need compliance; 110 licenses to be exact, according to the Open Source Initiative. These act as the guidelines for OSS source to be used.
With this many licenses, there is bound to be a risk of incompatibility. Let’s understand this: some licenses are compatible, which means you can use them together. However, some aren’t, which means that using them together would put you at risk, like the Apache 2.0 and GPL v2 licenses.
What’s more, if you do not comply with the licensing guidelines of open source, you’d be making yourself open to a lawsuit. While I know this isn’t the kind of security concern we've been talking about so far, it is a security concern all the same.
Can You Overcome the Security Challenges?
The major challenge in open source security is the vulnerabilities. Detecting them and resolving them has to be the priority, if you want to overcome the challenges. Given the fact that open source vulnerabilities have risen in 2020, you need to be sure that you are not at an elevated level of risk.
Source: WhiteSource Software
Let’s see how implementing some open source best practices can catch these vulnerabilities in time, so that they do not affect your business.
Prioritising security, always
The first part in overcoming open source vulnerabilities is to always prioritise security. This starts with the choice: whenever you choose an open source component to work with, security has to be one of the considerations.
Usually, functionality comes as the main reason for choosing an OSS. However, just focusing on that can put you at a disadvantage. Think of it this way, an open source component that does not require any integrations with your codebase would remove any and all security risks, along with reducing the complexity of your source code.
Prioritising automation as a means to detect and monitor vulnerabilities
Next comes the detection of the security vulnerabilities, and automation comes in quite handy here. Organisations, especially large ones, have a pretty massive codebase and going through it would be a mammoth task, if not automated. Detecting susceptibilities is already quite a lengthy process, even with automation.
- You have to identify which packages are being used;
- You have to pinpoint the vulnerable functionality in your code;
- You have to map out the way that particular vulnerability is impacting;
- And then you have to work on rectifying the findings.
Such a process may include only four steps; however, it isn’t a trivial task.
One of the problems in overcoming the vulnerability challenge is that organisations, sometimes, have no clue that they are actually susceptible. The fact that the open source community has an extensive amount of data means that the vulnerabilities would be spread across that expansiveness. So, running automated scans for identifying vulnerabilities would never let them go unidentified.
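The four steps above, as an added example that is not from the original article: a minimal Python scan over a constructed Composer lock file and a constructed advisory list (the lock-file format is an assumption; package names, versions and the EXAMPLE IDs are all made up). It matches installed versions to advisory ranges, computes the upgrade that clears every match, surfaces versions it cannot check, and flags the one license pair the article calls incompatible; it does not analyse which vulnerable functions your code actually calls.

```python
import json
import re

# Constructed composer.lock excerpt; package names and versions are made up.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/http-client", "version": "v2.3.1", "license": ["MIT"]},
    {"name": "example/template-engine", "version": "1.4.0", "license": ["GPL-2.0-only"]},
    {"name": "example/yaml-parser", "version": "3.0.5", "license": ["Apache-2.0"]},
    {"name": "example/forked-lib", "version": "dev-main", "license": ["MIT"]},
]})

# Constructed advisory feed; the IDs are placeholders, not real advisories.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "example/http-client", "introduced": "2.0.0", "fixed": "2.3.4"},
    {"id": "EXAMPLE-0002", "package": "example/http-client", "introduced": "2.2.0", "fixed": "2.4.0"},
    {"id": "EXAMPLE-0003", "package": "example/yaml-parser", "introduced": "1.0.0", "fixed": "3.0.2"},
    {"id": "EXAMPLE-0004", "package": "example/forked-lib", "introduced": "1.0.0", "fixed": "1.2.0"},
]

# The one incompatible pair the article names (SPDX identifiers are an assumption).
INCOMPATIBLE_LICENSES = [("Apache-2.0", "GPL-2.0-only")]


def parse_version(text):
    """Return a comparable 3-part tuple, or None for non-numeric versions such as 'dev-main'."""
    match = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not match:
        return None
    return tuple(int(part or 0) for part in match.groups())


def inventory(lock_text):
    """Step 1: list every locked package with its resolved version and licenses."""
    return {p["name"]: {"version": p["version"], "licenses": p.get("license", [])}
            for p in json.loads(lock_text)["packages"]}


def scan(packages, advisories):
    """Steps 2-4: match versions to advisories and compute the upgrade that clears them."""
    report = {"vulnerable": {}, "unverifiable": [], "license_conflicts": []}
    for adv in advisories:
        pkg = packages.get(adv["package"])
        if pkg is None:
            continue
        installed = parse_version(pkg["version"])
        if installed is None:
            # A branch alias cannot be range-checked; surface it instead of passing it.
            if adv["package"] not in report["unverifiable"]:
                report["unverifiable"].append(adv["package"])
            continue
        if parse_version(adv["introduced"]) <= installed < parse_version(adv["fixed"]):
            entry = report["vulnerable"].setdefault(
                adv["package"], {"installed": pkg["version"], "advisories": [], "upgrade_to": adv["fixed"]})
            entry["advisories"].append(adv["id"])
            # Several advisories may apply; the highest fixed version clears all of them.
            entry["upgrade_to"] = max(entry["upgrade_to"], adv["fixed"], key=parse_version)
    used = {lic for pkg in packages.values() for lic in pkg["licenses"]}
    report["license_conflicts"] = [pair for pair in INCOMPATIBLE_LICENSES if set(pair) <= used]
    return report
```

Calling `scan(inventory(SAMPLE_LOCK), SAMPLE_ADVISORIES)` returns the report; the license check is deliberately coarse and flags the pair whenever both licenses appear anywhere in the dependency set.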
Taking the help of automation tools would not only help you get to the problem areas faster, but also keep doing it continuously. When you use automated tools to continually monitor security problems, you come closer to protecting your project and taking control over the open source components you are using.
Prioritising the involvement of the team in security
The last point to cover in order to overcome the open source challenges involves your team. There is a high likelihood that your developers would not be experts in security. And the people you may have in security would be lost in the developers’ realm. Since open source vulnerabilities require you to be efficient at both development and security, there has to be some training involved.
Source: Snyk
Such a response for detecting open source dependencies is not ideal. So, aim for cross training your staff: the developers should be able to at least identify certain security vulnerabilities and the security team should have some understanding of the development process.
If you think that isn’t a possibility, you can hire outside help to assist you in overcoming the challenges posed by the open source components.
The Verdict
OSS is on the rise and it will continue to grow in the future; there isn't any doubt about it. Along with that, open source security will also strive to improve. Yes, there are issues that surround open source security; it isn’t perfect. I think that’s a good thing, because perfection cannot be improved upon and that means open source security has a lot of strides to make.
Open source security operates on visibility and openness, and it also teaches its adoptive organisations to preach the same. Aiming for visibility in your source code would always keep you ahead of the vulnerabilities you might have. It would also provide you with knowledge of your dependencies and a clear understanding of your code.
So, in that sense, open source software would be a great low cost addition to your project and open source security isn’t something that would ever hold you back. With the amount of open source security tools available today, that’s almost a guarantee.
If you’re a fan of the animated TV series Adventure Time, you’re already excited and scrolling to see how you can build your own Be MOre (BMO) console. And if you’re not: BMO is Adventure Time main characters Finn and Jake’s sentient video game system-cum-roommate. OK, but what does BMO do? DIY enthusiast Lazuardi Rinaldi,…
The post Make a Raspberry Pi-powered BMO Adventure Time console appeared first on Raspberry Pi.
We’re back with a recap of our favorite Drupal blog posts from last month. We hope you enjoy our selection for May!
Drupal Commerce 2.x includes address book functionality for both customers (from their account pages and checkout form) and administrators (from order edit pages). This article provides a quick summary of the address book architecture to help you understand how customer addresses are modeled / saved to your database and what you need to take into consideration when writing custom code / data migration processes for orders and customer profiles.
Commerce Core uses our Address module to add address fields to various entities, including stores and customer profiles. Address fields are not added directly to orders, payment methods, or shipments - the things for which we might typically expect an address to be selected from an address book. Those entities instead reference profiles with addresses that represent billing and shipping addresses.
As a result, a user’s address book is basically just a collection of profiles with the same uid as the user. These profiles are created in various ways:
Both archery and robotics are extremely fun, but what happens when you combine the two? In Kamal Carter’s case, he constructed his own autonomous robotic archery system that can not only acquire and aim at targets, but even draw back the bow and fire an arrow all on its own. The project features an Intel RealSense Depth Camera at […]
According to their project page, Layout Paragraphs provides an intuitive drag-and-drop experience for building flexible layouts with paragraphs. Paragraphs are the preferred method of dealing with complex content structures inside of Drupal, and Layout Paragraphs are for dealing with complex layout structures in those paragraphs.