For a long time, the preferred approach to network service security has been the hardened bunker: define a system, deploy it, and patch it promptly when security vulnerabilities in the components used are reported and fixed.

However, continuous integration services and automated deployments have opened up a new model: the moving target that grabs new releases of dependencies almost as soon as they are available, runs them through the CI process like any other software change, and then deploys them to production. Even if a new security flaw slips through testing, that's considered better than being exposed to the flaws that were classified as normal bug fixes, but actually represented security issues.

release-monitoring.org is a shared community service born out of the Fedora Infrastructure team that monitors for new upstream releases, and emits structured events that can be used to automatically trigger appropriate follow-on action.

So if you'd like to learn how to drink from the firehose, this talk's for you!