It’s been a long roller coaster ride for Drupal this year. It all started with one of the biggest security breaches in open source history, where millions of websites were compromised. Then, there was the rumored poor performance of DrupalCons. Cap this with the repeated postponement of Drupal 8 release and, on the outside, it appears that 2015 has not been a great year for Drupal. Despite all the misunderstanding and mishaps, we think Drupal is up for bigger things and even more growth. And here’s why.
The Big Security Breach
Sadly, 2015 found us in the thick of Drupalgeddon – A very big security breach. The issue was magnified by BBC’s incorrect reporting, stating that up to 12 million websites were under attack, but in reality there were less than a million Drupal sites online at the time. Even though content management systems (CMS) are widespread, Drupal only compromises about 5% of the total CMS websites on the internet. Nonetheless, the impact of the attack was so dire that Drupal deemed it to be their most critical attack.
The breach was caused by a vulnerability in the database, where hackers could take over the site and patch it. Basically, the breach let hackers create a custom PHP module, allowing them write files directly into a Drupal site. Drupal announced the vulnerability, released a patch fix and sent a message stating that all Drupal websites had 7 hours to update, else they’d be considered compromised.
It was a mess, both for Drupal as a business and websites running on the CMS.
But let’s review: There was an extremely critical vulnerability found. The Drupal Team went to work and quickly turned around a thorough fix. On top of that, with Drupal 8, PHP module dependencies have been removed to avoid such mishaps in the future. Thus, future sites need not worry about the security threats – Drupal 8 has fixed them.
Take home: Drupal had an error, fixed it and built a sustainable solution. If only all companies were so quick.
DrupalCons Attendance – Not Up To The Mark
With Drupal being an open source CMS, they rely on the success of DrupalCon to plan their yearly budget. Their budget was created based on their attendee forecast and, with Drupal 8 release almost at the finish line, the core committee was banking on much higher attendance. The events were focused on Drupal 8 tutorials and many guest speakers were flown in to entertain the enthusiastic Drupalistas and Drupalites.
Unfortunately, DrupalCon didn’t perform to their expectations. There was a lot of positive response regarding the interest in learning Drupal 8, but the number of people attending didn’t meet their projections. Many blamed it on the Drupal 8 release having been postponed so many times.
But, this scenario is also temporary. Indeed, Drupal just launched Drupal 8 Release Candidate 2! Based on conversations with other developers, the renewed interest in the platform will bring in more active contributors to the community in 2016. Also, we’ve had numerous customers reach out to us about Drupal 8. This drop in attendance: Just a blip on the Drupal growth radar.
Similarly, in 2015 the core Drupal Committee identified a lot of unknown opportunities. Regarding DrupalCon Latin America, they were surprised at the amount of interested Drupalistas attending, as they initially didn’t expect such a crowd. Even though they didn’t make tons of money, the community was genuinely surprised by the response. There are various other hidden treasures that Drupal is researching and analyzing. There will be more growth.
The Finances – It Always Comes Down To This
Numbers always speak louder than words. No matter how we try to portray the current scenario in rosy words and attractive images, finances show the real Drupal picture.
Drupal’s financial committee met mid-year to rework their entire budget, hoping to make amends for the failed forecasts. The result of the new financial plan was big level budget cuts, along with few people losing their jobs. It truly was a dark period for Drupal, as layoffs are one of the toughest decisions to make.
Before you start talking about the death of Drupal, these kinds of mishaps are bound to happen in a growing organization. The budget cuts were not because of the decline in Drupal, but rather a result of poor planning. This year, Drupal as an organization has ventured into new spends, such as advertising and job boards, where there wasn’t enough data to plan accurately. Similarly, since past DrupalCons indicated a higher attendance at DrupalCon Los Angeles, the drop in numbers was a big surprise.
But, Drupal is actively learning from this. For example, they conducted a community-wide survey to understand what attendees expect out of DrupalCons to plan future conferences. There was plenty of valuable data that was gathered and processed to make the future events more fun, as well as profitable.
Take home: These are natural (and probably good) growing pains that any organization has.
Do You Still Feel It’s An Awkward Year For Drupal?
While most might say yes, I feel it’s a rough patch that they’ve come across. However, based on our internal talks and discussions with customers, this will be a non-issue with the final release of Drupal 8.
Plus, I respect the Drupal community for knowing that the slow progress of Drupal 8 is affecting their business and reputation, but still are bound to make the product perfect before final release. They’re not going to release something that is sub-par. Most organizations would look at the business aspect and push the product out and then work on the defects later. If you’re an open source fan, then you should love that Drupal is sticking to their principles to give us a secured product.
Yes, it’s been a rough and awkward year for Drupal. But I think they’ve poised to come out on top. What do you think? Let us know in the comments below.
ABOUT THE AUTHOR:
Krithika is the Senior Content Writer at Drupal Partners. When she’s writing about open source trends, Drupal and Drupal e-Commerce Development, you can find her running behind her 3 year old son and on the quest to find the best carrot cake recipe (with cream cheese <3)! Follow her on Twitter @DrupalPartners.
Don’t say ‘hop’ – there is still 2016 coming, where we will see, whether Drupal 8 will be adopted by the smaller businesses or not. This is one that I am mostly holding fingers crossed for. You can fix a security breach with a patch, but you can’t fix the gaps in learning curve and server requirements as easily.