Webcurl is pleased to announce its continuos update service for Drupal. Available free to new and existing supported customers, our service ensures worry free evenings for your security team. Before we tell you why you should take up this offer, here are a few facts to help in your decision making.
- In 2016 there were 35,000 contributed modules, 2300 themes and 1000 distributions available for download on drupal.org and other sources. The average Drupal module updates once every three months, however, active popular projects are more frequent. The average Drupal website consists of approximately 50-70 modules
- In October 2014, your Drupal 7 website could have been compromised if you didn’t patch it within just 7 hours of the release of Drupal 7.32 on 15 October 2014. Thousands of websites were affected by the so-called “Drupalgeddon” vulnerability (also known as SA-CORE-2014-005) as most site owners and developers never received the announcement and many were simply asleep.
- At least 300 vulnerabilities in Drupal core and contributed modules are known to the CVE Details database. https://www.cvedetails.com/vendor/1367/Drupal.html
The basic problem is that users often can’t respond to the published vulnerabilities as quickly as the attackers do. Given that attackers are notified via the same mechanism that a vulnerability has been found and fixed, they have the upper hand: generally, it’s much easier and faster to exploit the affected website than it is for you to update it.
Webcurl’s automated continuous security update service removes the uncertainty of whether you site is open to vulnerabilities due to a guaranteed reaction time to security releases