I was hired by the Drupal Association in October 2014 to develop a new revenue stream from advertising on Drupal.org. For some time we’ve been trying to diversify revenue streams away from DrupalCon, both to make the Association more sustainable and to ensure that DrupalCons can serve community needs, not just our funding needs. We’ve introduced the Drupal Jobs program already and now, after conversations with the community, we want to put more work into Drupal.org advertising initiatives.
This new revenue stream will help fund various Drupal.org initiatives and improvements including better account creation and login, organization and user profile improvements, a responsive redesign of Drupal.org, issue workflow and Git improvements, making Drupal.org search usable, improving tools to find and select projects, and the Groups migration to Drupal 7.
We spent time interviewing members of the Drupal Association board, representatives of the Drupal Community, Working Groups, Supporting Partners, and Drupal Businesses, both large and small to help develop our strategy and guidelines. Our biggest takeaways are:
- Advertising should not only appeal to advertisers, but also be helpful to our users and/or our mission.
- When possible, only monetize users who are logged out and not contributing to the Project. If you’re on Drupal.org to do work and contribute, we don’t want you to see ads.
- Don’t clutter the site, interfere with navigation or disrupt visitors, especially contributors.
- Do not put ads on pages where users are coming to work, like the issue queue.
- Advertising products should be inclusive, with low cost options and tiered pricing. We want to make sure that small businesses without huge marketing budgets have the opportunity to get in front of the Drupal Community.
- Create high impact opportunities for Partners that already support the Community.
- Address the industry-wide shift to Programmatic Advertising, which is the automated buying and selling of digital advertising.
There are already advertising banners on Drupal.org, however we need to expand their reach to hit our goals. We’re trying to address challenges for our current advertisers, including a relatively low amount of views on pages with ads, which makes it difficult for them to reach their goals.
We’re also facing industry-wide challenges in Digital Advertising. Advertisers are looking for larger, more intrusive ads that get the users’ attention, or at the very least use standard Interactive Advertising Bureau (IAB) ad sizes, which are larger than the ads we offer on Drupal.org.
We came up with a new line of products that we feel will help us reach our goals, but not disrupt the Drupal.org experience, or the Drupal Association Engineering Team roadmap. We want our Engineering Team to fix search on Drupal.org, not spend time developing and supporting major advertising platforms.
2015 Advertising Initiatives:
- The ongoing development of curated content with banner ads including resource guides, content by industry and in the future, blog posts.
- Continued display of banner ads on high profile pages like the Homepage, Marketplace and Case Studies Section.
- Sponsored listings from Supporting Technology Partners (similar to Hosting Listings).
- Opt-in email subscriptions with special offers from our Supporters.
- Audience Extension: a secure, anonymous, non-interruptive way to advertise to Drupal.org visitors. It allows advertisers to programmatically reach the Drupal.org audience while on other websites through Ad Networks and Exchanges.
I wanted to spend most of my time explaining Audience Extension, since its unlike anything we’ve done in the past, and it may prompt questions. This product makes sense because it addresses all of the challenges we’re facing:
- It’s affordable for small businesses; they can spend as little as $200 on a campaign
- We don’t need to flood the site with ads and disrupt the user experience.
- It’s relatively easy to implement - we won’t interrupt the engineering team or their efforts to improve Drupal.org.
- We will only target anonymous (logged out) users.
- We will support “Do Not Track” browser requests.
- This is an industry-wide standard that we’re adopting.
- Anonymous users will have the option to opt-out.
- This improves the ad experience on other sites with more relevant, useful ads that also support the community.
How does Audience Extension Work?
- The program is anonymous. No personally identifiable information (such as email address, name or date of birth) is gathered or stored.
- No data is sold or exchanged, this merely gives advertisers the opportunity to buy a banner ad impression within the Perfect Audience platform.
- It's easy to opt-out. You can just click over to the Perfect Audience privacy page and click two buttons to opt out of the tracking. Here's the link.
- Drupal.org will support “Do Not Track” browser requests and only users who have not logged in (anonymous) will be included in the program.
- It does not conflict with EU privacy rulings. Advertiser campaigns for Partner Connect can only be geotargeted to the United States and Canada right now.
- Only high quality, relevant advertisers who have been vetted by an actual human will be able to participate in this program. Some good examples of Perfect Audience advertisers would be companies like New Relic and Heroku.
- Perfect Audience is actually run by a Drupaler! The first business started by founder Brad Flora back in 2008 was built on Drupal. He spent countless hours in the IRC channel talking Drupal and posting in the forums. He understands how important it is to keep sensitive pages on Drupal.org an ad-free experience and he’s very excited to be able to help make that happen.
- This program has the potential to generate significant revenue for the Drupal Association and Project over time as more advertisers come on board.
It’s important that we fund Drupal.org improvements, and that we do so in a responsible way that respects the community. We anticipate rolling out these new products throughout the year, starting with Audience Extension on February 5th. Thanks for taking the time to read about our initiatives, and please tell us your thoughts!
Now the new year has started, it's time for our community to think about the future. It has become a tradition for for years now to predict what the year ahead will bring for us -- so share your thoughts!
It's time to reflect on our previous predictions and start dreaming away for the year ahead. What will the year ahead bring for our community and our product, and how can we make this reality by working together? Share your thoughts and your predictions for 2015 as a comment, and let's look back in a year's time to see how we scored on making those dreams a reality.
Happy birthday to Drupal! On this day in 2001, Drupal 1.0 was released.
This milestone is the perfect time to talk about some of the findings of our recent community survey. The survey findings offer a window into what community members are thinking as the project matures and evolves. It also gives us at the Drupal Association a way to better understand what we're doing right and what we could be doing better. There aren't many surprises (and that's a good thing), but all of the findings are educational. Here are three results we thought were particularly interesting and insightful.Drupal 8 Will Be Broadly Adopted
In the survey, about 80% of respondents said they either plan to start using Drupal 8 as soon as it is released, or plan to adopt it at some point after release. Another 8% said they did not have specific plans to adopt, but do plan to evaluate Drupal 8.
Drupal.org Remains an Important and Heavily-Used Tool
The overwhelming majority of respondents said they use Drupal.org more than once per week. Most also say they are satisfied or somewhat satisfied with the site. While that result is encouraging, it does not change the important mission to improve the experience of the site and make it a better tool for everyone from first time visitors to those who spend the majority of their working time on the site.
We Need to Create Broader Awareness of Drupal Association Programs
Community members who took the survey have great awareness of DrupalCons. Awareness of the work we are doing on Drupal.org seems to be steadily growing. But awareness is relatively low for Community Grants and our Supporter Programs that provide a way for organizations to give back to the Project. That awareness is clearly something we need to improve to promote transparency.
If you would like to read the full results, you can access them here (2.8M PDF). Thanks for reading, and thanks for being a part of this amazing community.
Drupal.org will be affected by maintenance Monday, December 15th 17:00 PST, 01:00 UTC (1 day after).
New database servers are being deployed for Drupal.org. This hardware refresh should greatly improve database query performance on Drupal.org. The deployment should require less than 15 minutes of downtime on Drupal.org if no major issues are encountered.
Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.
Thanks for your patience!
On October 29, the Drupal Security Team issued a Public Service Announcement (PSA) as a follow-up to Security Advisory SA-CORE-2014-005, which disclosed a serious SQL Injection vulnerability in Drupal 7. Our goals with the PSA were to:
- Provide an update on the time window between disclosure and first-known exploits
- Provide guidance for users who patched or upgraded outside that window
- Reiterate the severity of the vulnerability and the importance of upgrading or patching
(Speaking of which, if you have not remediated yet, please stop reading and do so.)
While we feel those goals were accomplished, the PSA also resulted in a large volume of press coverage – in fact much more coverage than the original disclosure of the vulnerability on October 15th. Not surprisingly, the general tone of the press coverage was quite negative. Unfortunately, some of the coverage was also inaccurate which we’d like to address here as well as provide additional context regarding our security processes.
While we don’t know the total number of Drupal sites affected, the number is not near 12 million as stated in several publications. Unless disabled, individual Drupal sites report their existence back to Drupal.org and this system reports around 1 million total Drupal sites. While this is not an exact measure of live Drupal sites we can infer that the affected number of specifically vulnerable Drupal 7 sites is more likely to be under 1 million.
SA-CORE-2014-005 was certainly a severe issue, if not the most severe issue in Drupal’s history; but it’s important to recognize all software has bugs and security issues that require a remediation process. Finding, fixing and announcing security patches is evidence of a healthy security process and Drupal is one of the few content management systems with a dedicated security team that covers both Drupal core and contributed code.
The above said, there are lessons from both the original disclosure and the follow-up PSA that might result in some changes to the Drupal Security Team policy and process, however we want to reinforce that we are deeply committed to keeping Drupal secure. We encourage you to read this whitepaper that explains our processes, policies and contains a good overview of Drupal security.
If you ever have questions, please use the public discussion area for general topics at https://groups.drupal.org/security or contact us (email@example.com). Or better yet, get involved. You can find more information on the Drupal Security Team page.
-Drupal Security Team
There are a growing number of licensing-related issues on Drupal.org that are unresolved. Additionally, volunteers who have been tackling licensing issues believe that the policies are often applied inconsistently. The result is that contributors are often left in a difficult situation, unsure if they should contribute their code or not, and the Drupal project is left at risk when non-compliant code is uploaded to Drupal.org.
To solve this problem, several of the key volunteers met in July and determined that a Licesning Working Group, modeled after other Drupal and Drupal.org governance bodies and supported by training from the Drupal Association law firm, could provide more consistent oversight. At the 21 November meeting, the Drupal Association Board of Directors approved the draft charter written by those volunteers.
Now it's your turn! We're looking for 4-5 individuals to serve on the Working Group. You'll receive lots of support from the Drupal Association when you need it, and you'll be making a direct impact on the happiness of our contributors and the safety of the Drupal project. Just fill out the form below and we'll get back to you. We expect to approve a slate of candidates during the 21 January board meeting. Questions? Email the Drupal Association Executive Director, Holly Ross, at firstname.lastname@example.org.Drupal News