"The instant they fixed it and hit save they would get another e-mail from brakeman saying "Hey, thank you so much. Thank you for fixing the SQL injection vulnerability. Please rate our instructions on helpfulness 1-5 stars," Kim explains.
A survey recently conducted by automated server management software provider JumpCloud found that such security automation — including activities such as patching, user management, log analysis, and forensics — is an integral part of the DevOps movement.
That's exactly how security should be coupled to the process, explains Burns. "You build these small feedback loops that are tightly coupled between the developers and the operation roles so you log more events. When you are security and you are part of those conversations you get to make these incremental improvements and pivot with the product or the service as they're developing it," Burns says.