9 Reasons for keeping software dependencies up to date
In this post, we will explore nine reasons why keeping software dependencies up to date is a very important task, and why it should be part of every software developer’s work routine.
Keeping software secure
Upgrading your software dependencies does not only provide you with the latest and greatest features and APIs, but it also provides you with bug fixes and plugs for security issues discovered in previous versions.
Most managers would argue that their software environments are “isolated” or “of low interest” and therefore are not likely to be attacked, until the shit hits the fan and a security incident occurs. According to the computer cyber-security firm Avast, 52% of all software vulnerabilities stem from the usage of outdated software. Examples include using older Java versions and older browsers. You can read the report here
When it comes to security, a small effort can reduce the risk of a very financially and legally damaging security incident.
When you update your dependencies, you do not only improve the security of your software, but you also get all the performance improvements that the newer dependency version provides. These improvements can come in many forms, such as fixes for previous performance issues, improved implementations and algorithms, or changes that would improve the scalability of your application.
So the next time you hit a performance bottleneck, consider updating your dependencies as an option.
Not only do you get security issues plugged in, but you also get software and business logic issues fixed.
While this point can be kind of an obvious one, many developers just learn to work around bugs in their software dependencies, and just keep doing their thing. While getting around issues is a part of a software developers job, maintaining software built on top of faulty dependencies is more expensive in the long term, as those work around will need to be tested and retested every time you make a change in your software.
Cheaper overall upgrade costs
Let us face it, sooner or later you will need to upgrade that library or that dependency in your application. Some developers upgrade their dependencies often and others do it once every couple of years. The problem with infrequent upgrades is that it can be quite expensive. You will usually have to do a lot more work doing 2 years worth of upgrades that a tiny monthly one. This is because there are a lot less changes that you need to apply when upgrading from a dependency 5.2 to 5.3 than to upgrade from 3.4 to 5.3.
When you do big upgrade jumps, it is usually a lot harder to go through years of release notes and upgrade changes. You will need to make a lot more changes in your software in order to be compatible with the newer libraries. This makes things more expensive.
Frequent smaller upgrades gives you more control and allows you to better plan ahead to accommodate changes.
This one is kind of an obvious one but still belongs to this post 😉 . Upgrading your dependencies provides not only provides improvements to existing features, but also provides you access to new features that did not previously exist. These new features may finally allow you to implement your own new features to woo your customers.
Maintaining compatibility with other software
If you neglect upgrading a dependency or a library, then sooner or later you will not be able to run your software on your favorite platform. For example, if you stop upgrading your database drivers in your software, then you will be stuck using older versions of the database system. Not only does this makes your software outdated and vulnerable, but you may even not get any support from that database system provider.
Software vendors can usually maintain a window of backward compatibility. For example, a video game developed on Windows 7 will probably be usable on Windows vista. But a game developed for Windows 10 will be a lot less likely to run on your Windows Vista or XP computer. Same goes for software. Keeping your dependencies up to date allows you to make use of newer products and technologies.
Improves your adaptability
Everyday we hear about this hot new software library or technology (think big data or blockchain). If your code is old and dusty, full of outdated dependencies, you will have a very hard time adapting to changes in market needs. Since it is harder for older software to be compatible with newer technologies, this means that it will cost more for you and your customer to integrate that nice MongoDB system or an elastic search server. So your customer will more likely go to a competitor than to you for their brand new feature.
Keeping your software up to date makes it more accommodating for changes and adaptable to customer requests.
Easier to attract talent and grow your business
It is probably a lot easier to find a Python developer than a ALGOL W programmer. This is because software developers are more likely to learn newer, more exciting technologies than older ones.
If your software is dependent on outdated dependencies or technologies, then you are more likely to have a hard time growing your team. This is because it is harder to find people with experience in these older technologies. You may also turn off potential team-mates by your old technologies and methods.
Improved support from third party vendors
Sometimes you will need direct assistance from a third party vendor. For example, when you find a bug or need some guidance performing a task. Well, you are a lot more likely to get a helpful response from your software vendor when you are using their latest version than when you are using something outdated or at the end of its life.
When you are encounter an issue using an older version of somebody’s software, the first response you would get when asking for help will likely be “did you try an upgrade?”. Some vendors will either recommend an upgrade or simply refuse to support you until you perform an upgrade, especially in the case of open source software, where the developers have no obligation what so ever to support older versions.
So keep your software up to date if you would like a better response from your third party software providers.
In this post, we have explored several reasons for keeping software dependencies up to date. Not only would that benefit your software, making it more secure, but it can be beneficial for your customers as well.
If you liked this post then please make sure to follow us on twitter by kicking the follow button below 🙂