Preliminary Findings about DevSecOps from Grey Literature
Conference paper
Zhang, He, Mao, Runfeng, Dai, Qiming, Huang, Huang, Rong, Guoping, Shen, Haifeng, Chen, Lianping and Kaixiang Lu, Kaixiang. (2020). Preliminary Findings about DevSecOps from Grey Literature. 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS). Macau, China, 11-14 Dec 2020. United States: IEEE Computer Society. pp. 450-457.
Authors | Zhang, He, Mao, Runfeng, Dai, Qiming, Huang, Huang, Rong, Guoping, Shen, Haifeng, Chen, Lianping and Kaixiang Lu, Kaixiang |
---|---|
Type | Conference paper |
Abstract | Context: Emerging from the agile culture, DevOps particularly emphasizes development and deployment speed to achieve rapid value delivery, which however brings some security risks to the software development process. DevSecOps is an extension of DevOps, which is considered as a means to intertwine development, operation and security. Some companies with security concerns begin to take DevSecOps into consideration when it comes to the application of DevOps. Objective: The goal of this study is to report the state-of-the-practice of DevSecOps as well as to call for academia to pay more attention to DevSecOps. Method: Using the Google search engine to collect articles on DevSecOps, we conducted a Grey Literature Review (GLR) on the selected articles. Results: Whilst there exist three major software security risks in DevOps, the establishment of a DevOps pipeline provides opportunities for software security activities. Based on the preliminary consensus that DevSecOps is an extension of DevOps, it is observed that the interpretations of DevSecOps can be classified into three core aspects, which are: DevSecOps capabilities, cultural enablers, and technological enablers. Furthermore, to materialize the interpretations into daily software production activities, the recommended DevSecOps practices we obtain from Grey Literature (GL) can be categorized in terms of process, infrastructure and collaboration. Conclusion: Although DevSecOps is getting increasing attention from industry, it is still in its infancy and needs to be promoted by both academia and industry. |
Keywords | Industries; Collaboration; Software quality; Software reliability; Security; Cultural differences; Software engineering |
Year | 01 Jan 2020 |
Publisher | IEEE Computer Society |
Web address (URL) | https://ieeexplore.ieee.org/document/9282798 |
Open access | Published as non-open access |
Research or scholarly | Research |
Publisher's version | License All rights reserved File Access Level Controlled |
Page range | 450-457 |
ISBN | 978-1-7281-8913-0 |
Web address (URL) of conference proceedings | https://ieeexplore.ieee.org/xpl/conhome/9282732/proceeding |
Output status | Published |
Publication dates | 14 Dec 2020 |
Publication process dates | Deposited: 15 Feb 2024 |
Additional information | Copyright © 2020 by The Institute of Electrical and Electronics Engineers, Inc. |
Place of publication | United States |
https://acuresearchbank.acu.edu.au/item/902x2/preliminary-findings-about-devsecops-from-grey-literature