The case for continuous automated security validation