Our policy is to only use supported and up-to-date software.
We apply server and software patches at least monthly, and we action any critical security patches urgently, as soon as possible.
We only install 3rd party software from official sources, such as the package libraries Packagist and npm. We use a range of tools, automated wherever possible, that monitor and report on software versions and system updates, including:
- GitHub Dependabot (Composer, npm packages)
- Roave Security Advisories (Composer packages)
- WPVulnerability (WordPress)
Our normal process is to update software as part of technical support. Where a major upgrade (i.e. between major versions) requires two hours or more of work, we will schedule this in as maintenance work.
It is our policy to use currently supported software for any 3rd party software we rely on for your project. If you have a support and maintenance contract with us, we will perform updates as part of our support service. Where major upgrades require additional work, we'll highlight this and discuss a suitable plan.