OWASP Building Security In Maturity Model

[CMVM1.2: 85] IDENTIFY SOFTWARE DEFECTS FOUND IN OPERATIONS MONITORING AND FEED THEM BACK TO ENGINEERING.
Defects identified in production through operations monitoring are fed back to development and used to change engineering behavior. Useful sources of production defects include incidents, bug bounty (see [CMVM3.4]), responsible disclosure (see [CMVM2.4]), SIEMs, production logs, customer feedback, and telemetry from cloud security posture monitoring, container configuration monitoring, RASP, and similar technologies. Entering production defect data into an existing bug-tracking system (perhaps by making use of a special security flag) can close the information loop and make sure that security issues get fixed. In addition, it’s important to capture lessons learned from production defects and use these lessons to change the organization’s behavior. In the best of cases, processes in the SSDL can be improved based on operations data (see [CMVM3.2]).