Train Delivery team members about the planned security releases
With the introduction of multiple security releases per month &1125 (closed), each milestone there will be at least two planned releases that will include bug and security fixes. This cadence allow us to ship scheduled fixes roughly within the bug SLO and vulnerability remediation SLA of 30 days
Before having multiple planned releases per month, Delivery team was used to doing reactive work, e.g.
- Trigger critical security releases at SIRT request
- Prepare patch releases when a certain threshold is met
- Prepare patch releases when a customer requires it.
Now, we have the opportunity to change from reactive to scheduled work. This issue is to train Delivery team members to refer to the SLO when preparing the release schedule
Action items:
-
Update the patch release process -
Update the security release process -
Dedicated firedrill for this process -
Add resource to the release manager training template