Building Software Applications Securely with DevSecOps: A Socio-Technical Perspective

Abstract: While continuous real-time software delivery practices induced by agile software development approaches create new business opportunities for organizations, these practices also present new security challenges in the DevOps environment. DevSecOps attempts to incorporate advanced automated security practices for agility in the DevOps environment. Mainstream perspectives of DevSecOps tend to overlook the collaborative role played by social actors and their relations with technologies in securing software applica… Show more

“…Organizational and management system DevSecOps is a logical continuation of the current scheme of software-digital production DevOps, with the above described system of safety testing (in various modes) integrated into the processes of software products production, which allows to obtain in conjunction with more complete (compared to DevOps) production communication management system between the key participants of software-digital engineering and production cycle -Figure 3 [23][24][25][26][27][28]. Analysis of relevant scientific papers and publications on the device and system of DevSecOps methodology functioning, such as R. N. Rajapakse [29] (system information and analytical review on the device of DevSecOps methodology and the problems of software-digital production transition from DevOps to the integration of the logical security-free section in the generalized concept of transition to DevSecOps), A. Ibrahim [30] (research and development of proposals for implementing DevSecOps in a modular solution (using cloud services) in DevOps-based digital production process), A. Landry [31] (analyzing the experience of implementing DevSecOps-based security tools and building an internal secure data transmission system in service communications for the US Department of Defense -DARPA Secure Handhelds on Assured Resilient networks at the tactical Edge (SHARE)), N. Harshitha [32] (analyzing the integration of DevSecOps security tools in Cloud Computing technologies), M. Orosz [33] (application of DevSecOps organizational and management system in the space industry), A. Schwan-Gijima [34] (information and analytical review regarding the device and methods for implementing DevSecOps security tools and blocks in software-digital production processes), Y. Malhotra [35] (study of the problems of implementing IaC, DevSecOps and MLops security tools in hybrid cloud computing with zero-trust beyond "lift and carry"), M. Ekoramaradhya [36] (study of the possibility of applying security tools for implementation in digital Internet of Things (IoT) protection protocols), allows to formulate a generalized system-wide view of the structure of the studied organizational and management system.…”

Secure Change Management Process: On the Effectiveness of DevSecOps

“…Organizational and management system DevSecOps is a logical continuation of the current scheme of software-digital production DevOps, with the above described system of safety testing (in various modes) integrated into the processes of software products production, which allows to obtain in conjunction with more complete (compared to DevOps) production communication management system between the key participants of software-digital engineering and production cycle -Figure 3 [23][24][25][26][27][28]. Analysis of relevant scientific papers and publications on the device and system of DevSecOps methodology functioning, such as R. N. Rajapakse [29] (system information and analytical review on the device of DevSecOps methodology and the problems of software-digital production transition from DevOps to the integration of the logical security-free section in the generalized concept of transition to DevSecOps), A. Ibrahim [30] (research and development of proposals for implementing DevSecOps in a modular solution (using cloud services) in DevOps-based digital production process), A. Landry [31] (analyzing the experience of implementing DevSecOps-based security tools and building an internal secure data transmission system in service communications for the US Department of Defense -DARPA Secure Handhelds on Assured Resilient networks at the tactical Edge (SHARE)), N. Harshitha [32] (analyzing the integration of DevSecOps security tools in Cloud Computing technologies), M. Orosz [33] (application of DevSecOps organizational and management system in the space industry), A. Schwan-Gijima [34] (information and analytical review regarding the device and methods for implementing DevSecOps security tools and blocks in software-digital production processes), Y. Malhotra [35] (study of the problems of implementing IaC, DevSecOps and MLops security tools in hybrid cloud computing with zero-trust beyond "lift and carry"), M. Ekoramaradhya [36] (study of the possibility of applying security tools for implementation in digital Internet of Things (IoT) protection protocols), allows to formulate a generalized system-wide view of the structure of the studied organizational and management system.…”

Secure Change Management Process: On the Effectiveness of DevSecOps

Training and Security Awareness Under the Lens of Practitioners: A DevSecOps Perspective Towards Risk Management