Engineering dogmas it's time to retire: sprints, no comments, packages
newsletter.manager.dev
“You are also much more vulnerable to security incidents (and need to spend a significant amount of time chasing updates”
I can’t help but read this as “your security vulnerabilities are much more likely to be caught”. There are no CVEs for private code, but maybe that’s a bad thing?
If you introduce a remote code execution vulnerability, no one will tell you (perhaps).