The remediation of the recent log4j security vulnerability has solidified an idea in my mind. Services and infrastructure must be regularly deployed to be considered healthy long-term.
I’ve read through several Reddit threads where people in companies with a strong devops culture had an easier time doing the dependency update and deploy as opposed to others. The issue people tend to have were updating services that have had infrequent and/or manual deploys. This made it much more difficult for on-call engineers to update the dependency and track down how to properly deploy the service.
I’ve struggled with the consequences of irregular deploys at past companies. That’s why I suggest having regular deployments of your code and infrastructure, even if it’s a no-op to make sure you can.