Security updates: don’t wait!

CiviCRM has a security update coming in June.

If that’s an inconvenient time for you, you might think that you'd rather wait until later.

Don't wait!

Here's why:

A security update fixes security problems that already exist in your software.

Of course, that's not a big concern by itself. Major commercial software providers (think iPhone, Android, and the rest) routinely release security updates for exactly the same reasons.

But what is a major concern is this: before the security update, very few people know about the vulnerability; but on the day of the security update, potentially everyone will know about it.

That's because that's the day when the software authors acknowledge it publicly — by publishing a solution for it.

Think about this:

If your home's back door wouldn't lock properly, you might think, “I should get that fixed pretty soon.” But if your darling teenager posted that fact on Facebook, you might suddenly start thinking, “I've got to fix this right away!”

When a software author announces an upcoming security update, it means your version has something like a back door that won't lock. You (and the rest of the world) just don't know where that problem is, or how it could be exploited.

But once they drop that release, anyone can know about it and begin to exploit it. That, dear reader, is Not A Good Thing™.

So I implore you, for this CiviCRM security update scheduled for June 19, take time now to make sure someone on your team will be taking care of it.

You’ll sleep a lot better at night knowing your back door actually locks.

All the best,
A.