Recently our company worked with partners and sponsors to create a thoroughly researched, high quality document about the state of security in the open source Drupal project. You can download the report from DrupalSecurityReport.org, but right now I want to talk about the motivations, the audience, and the funding model behind the report because we feel that we've solved a tricky problem: funding expensive work in an easily copied medium (PDF downloads). We decided to try a variation on Techdirt's strategy to "Connect with Fans and give them a Reason to Buy".
This report was something that my colleague Ben Jeavons and I had wanted to do for a long time, but we couldn't fund it entirely from our own company resources. The target audience for the report is people who are considering Drupal and we didn't feel that they would be willing to spend money purchasing the report.
Connect with Fans
Fortunately, we have built up an audience among people interested in Drupal Security. Last fall I did a security webinar for a few hundred folks leveraging Acquia's webinars. Our blogs are directly read by a few thousand people interested in Drupal and are syndicated to over 20,000 readers readers interested in the topic. We've also done several presentations on Drupal security.
So, with a purpose and some fans in tow, we turned to business contacts we've made over the years to see if they could help with funding.
Reason to Sponsor
Based on discussions with them, our sponsors were motivated to sponsor the report based on three major ideas (and one sub-idea).
- They sell Drupal in the enterprise space and are often confronted with questions about security and don't have a good answer. They wanted something they could point to.