
The importance of up-to-date software

Matty Forth

Matty is a full stack developer, specialising in creating bespoke applications and systems from the ground up using the Laravel framework for PHP. He has 8+ years experience in the industry and has a passion for building highly extensible and maintainable software solutions, ensuring we can get the job done for our clients in the best way possible with minimal fuss!


Software is all around us and is critical to life in the modern age. Websites, mobile phones, even fridges and washing machines, it’s all software! Hundreds, if not thousands, of levels of iteration have gone into making the software that we use in our day-to-day lives. 

However, keeping all the different pieces of software that we use up to date is a mammoth task. Take your phone, for example, and its simple “install update” action. Easy, right?

Well, under the hood, there’s a whole web of dependencies that all come together to make up the software that your phone is running, and they all need to be updated as well. They all speak to each other, and one often needs something from another.

At Studio Republic, we build websites, and like all other pieces of software, these need to be constantly updated too. It takes a lot of effort for us developers in the background and most people probably won’t ever notice, but it’s essential that we do so. Here are some of the reasons why up-to-date software is essential.


Keeping software secure

Perhaps the most important reason to keep software up-to-date is security. Every piece of software has vulnerabilities. It’s no one’s fault and it’s not on purpose, but the developers and engineers behind the software aren’t perfect. Problems arise when these vulnerabilities are found by bad actors and ways of exploiting them are discovered. When this happens, the developers of the software have to scramble to issue a fix.

Once the updates have been sent out, it’s important that we apply the update in order to implement the fix for the vulnerability. The longer we neglect to update, the longer we are open to potential exploits. Not all vulnerabilities are critical in that they could expose confidential data or allow access to private functionality, but they should all be patched up either way.

At Studio Republic, we use a tool called Dependabot that automatically detects any security issues in the packages we use in our projects and attempts to update the affected package for us. All we have to do is review the changes it has made and accept them.

One of the latest security patches we have done was to remove our dependency on a popular library that had been hijacked and posed a security threat.

Polyfill.io was a library that implemented missing features for older browsers (think early versions of Internet Explorer). We don’t use it for our sites now, but we had some legacy sites that still required it. It was used by over a hundred thousand sites around the world and was trusted for over 10 years prior to this issue. Unfortunately, the domain the library was hosted on was acquired by a Chinese organisation which then began using the library to inject malicious code into the sites that used it. On the day this announcement hit the internet, we (along with many other agencies around the world) had to block the service from our sites and remove it quickly from our codebases. We completed this and verified that none of our sites had yet been affected, but had we waited, we might have been open to a number of attacks.
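To illustrate the kind of check involved in removing a hijacked script host from a codebase, here is an added example (not Studio Republic's own tooling) that scans a page template for `<script>` and `<link>` tags loading from a blocked domain. The function names and the sample template are constructed for illustration; only the domain comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"polyfill.io"}  # the domain named in the article

def is_blocked(url, blocked=BLOCKED_DOMAINS):
    """True if the URL's host is a blocked domain or one of its subdomains."""
    # Protocol-relative URLs ("//cdn.polyfill.io/...") need a scheme to parse.
    if url.startswith("//"):
        url = "https:" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Match on label boundaries so look-alike hosts are not flagged.
    return any(host == d or host.endswith("." + d) for d in blocked)

class _RefCollector(HTMLParser):
    """Collects (line, tag, url) for each script/link pointing at a blocked host."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attr = {"script": "src", "link": "href"}.get(tag)
        if attr is None:
            return
        url = (dict(attrs).get(attr) or "").strip()
        if url and is_blocked(url):
            self.hits.append((self.getpos()[0], tag, url))

def find_blocked_refs(html):
    """Return every reference to a blocked host found in an HTML document."""
    parser = _RefCollector()
    parser.feed(html)
    parser.close()
    return parser.hits

# Constructed sample template, not taken from any real site.
SAMPLE = """<html><head>
<link rel="preconnect" href="https://cdn.polyfill.io">
<script src="//cdn.polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script src="https://polyfill.io.example.com/app.js"></script>
<script src="/js/polyfill.io-local-copy.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_blocked_refs(SAMPLE):
        print(f"line {line}: <{tag}> loads from blocked host: {url}")
```

This only finds static references in markup; script tags injected at runtime by other JavaScript have to be caught separately, for example by reviewing the network requests a page makes.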


Access to new features

One of the more exciting reasons to keep software up-to-date is that it can open access to new features that weren’t previously available. In the website development world, this means that we are usually given fancy new ways of solving particular problems that can reduce pain points when developing, or make possible things that weren’t possible before.

At Studio Republic, we use a framework called Laravel to build our more bespoke applications. Every year, there is usually a major update to Laravel which introduces brand new features that we didn’t have access to before. Usually, this means that certain problems that we’ve had to solve manually can now be solved right in the framework. This reduces the amount of setup we need to do when starting a project, ultimately saving us time and saving our clients money.

Reducing manual processes

This doesn’t typically apply to the traditional software that you might install on your computer or your phone, but it can affect high-level systems that are used by professionals. If a system isn’t regularly updated, there can come a point where you can no longer update incrementally through an automatic updater and instead have to make a big jump that usually involves a much more manual process.

For example, most websites run on a server somewhere, and usually (not always) the server runs on a version of Linux. If you forget to update for quite a while, the functionality to update is removed from your version and it becomes extremely difficult to move upwards to a new version. It’s possible, but it usually requires editing the system manually.

When this happens, it’s usually easier to set up a fresh install of the system, rather than trying to update the current one. This causes downtime as you need to migrate all the things from the old server over to the new one.


Avoid technical debt

Technical debt is a broad way of describing the future work that is required as a result of taking development shortcuts in order to benefit from short-term gains. For example, if a piece of work would take too long and there’s a temporary workaround you can use that can get the job done quicker, that would contribute to the technical debt of the project. It sounds like a bad thing, but it’s not entirely bad when used correctly. Think of it like a loan. If we need to get ahead of something or gain time, we can take a loan out and dip into our technical debt, and pay it off later when we get more time.

Neglecting to update our system can contribute to technical debt in an unnecessary way, as the longer we leave it, the more updates we will likely have to do, increasing the time needed to proceed. It may also mean having to implement workarounds for things that would have been fixed in future updates of software. We are giving ourselves future work that we will have to deal with later by needlessly adding to the pile of technical debt, rather than undertaking necessary updates.

Summary

To summarise, keeping all software up-to-date is always a good idea. Usually, it won’t take long, but neglecting to do so can have massive security implications with risks that are just not worth taking! You don’t have to be on the bleeding edge or use in-development versions, but regularly checking and applying updates is more than enough to keep you safe.
