I'm Brett Slatkin and this is where I write about programming and related topics.

15 May 2013

Fixing Security using Continuous Deployment

I enjoyed this slide deck from Nick Galbreath, especially slide 25, which states the following hypothesis:
  • It is impossible to simulate the production environment in development, either due to operational differences or data differences.
  • No amount of QA or Security Testing can prove you don't have bugs, vulnerabilities, or cause severe operational problems.
  • You have bugs and vulnerabilities, right now, in your application.

And the conclusion is that the only solution is continuous deployment. Indeed! I'm happy to see this viewpoint taking hold.

Here are the slides:
