Guides

Why keeping your Ruby on Rails application up to date should be a no-brainer

There are several reasons why you should consider keeping your Ruby on Rails web application up to date.

The primary, and most obvious, reason that most people reach for are the new features in a new release. After all, they’re what grab the headlines. From a developers standpoint, it’s new, shiny technology so, of course, we’re looking to find an excuse to try it out. If you’re embarking on a new project where the new features will be an integral aspect then that alone might easily justify the investment in an upgrade.

The next big reason is faster performance. We have seen steady performance increases in both Ruby and Rails versions over the last few years. If your Rails application hasn’t been upgraded for a while then an upgrade could result in some significant speed increases. The actual amount varies by application, of course, but when we’ve upgraded applications for clients it has resulted in responses feeling generally snappier.

Which leads to what I consider a bigger, more important, reason—stability and security. If your business relies on your application then it stands to reason that it must be up and running. If it’s not working then you’ll likely have unhappy customers plus staff just sitting around unable to work. Staying up to date means that bugs and security vulnerabilities get fixed which mitigates the risk of the web application causing errors or being hacked and compromised.

In today’s world, with new laws like GDPR, it is more crucial than ever that you take every necessary step to keep your own and your customers data secure and private. Leaving your web application un-patched from known security vulnerabilities is tantamount to dereliction of your duty, and you open yourself up to the possibility of huge fines. There have been many instances[1] of companies being fined by the ICO for data protection breaches where they failed to take suitable precautions in protecting the data that was in their care.

Technology is always marching forward. As I’ve written before, software doesn’t stand still. As with any asset, regular maintenance ensures it doesn’t become a liability. Much like it pays to service your car regularly, investing in maintenance of your bespoke software ensures that it is capable of change as business needs dictate.

When software systems don’t have a budget for support and maintenance and they are left to decay, then inevitably when there is a need for changes to the software it takes longer and costs more, leaving all parties frustrated.

Planning, and making a budget for maintaining your software is crucial to keep it operational. Staying within the supported windows of the underlying software makes everyone’s lives easier, and gives the business more options on where to turn.

When we perform a code audit of a Ruby on Rails application, one of the pillars we evaluate it against is “safety”. We compare the versions of Ruby and Rails it is running against the latest released versions, and review the code for known exploits or vulnerabilities in any of its dependencies. We also audit the infrastructure to determine whether the operating system and fundamental components like web servers and databases are vulnerable. We look for misconfigured components that could be exploited by malicious actors.

If you rely on your Ruby on Rails application as part of your business operations and one or more of these points give you pause, then it’s likely that the costs for keeping up to date and minimizing your risks will be pretty small in the grand scheme of things so it ought to be a no-brainer.

If you’re concerned and would like an informal chat about any of the points I’ve raised in this article enter your email here and I’ll send you more information and set up a time to jump on a call.


  1. https://www.computerworlduk.com/galleries/data/biggest-fines-issued-by-ico-3679087/ ↩