I’ve finally settled on the wording for Farris’s Three Laws of Cloud Security Auto Remediation: A bot must never harm stateful data or allow stateful data to come to harm. A bot must act with utmost haste so functionality doesn’t become dependent on a misconfiguration. A bot must announce its existence and tell a carbon-based life form what it did and why. I think these reflect the key tenants of auto-remediation while staying true to the original source of the Three Laws.
