Defenders always run into a wall when it comes to rolling out security features or fixes that have the potential to break everything--but feature flags can change that. Feature flags are a powerful ramp-up methodology to allow developers (or security folks) to enable or disable site functionality. We'll dive into ways to ramp up new security functionality and fix complex bugs using feature flags with specific examples from etsy's bug bounty. We'll also touch upon the topic of A/B testing, and explore a real world security feature development scenario involving A/B testing to add full-site ssl to a website.