Preliminary Findings about DevSecOps from Grey Literature

Mao, Runfeng; Zhang, He; Dai, Qiming; Huang, Huang; Rong, Guoping; Shen, Haifeng; Chen, Lianping; Lu, Kaixiang

doi:10.1109/qrs51102.2020.00064

Cited by 32 publications

(21 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is worth mentioning that an equivalent study found that the implementation of DevOps allowed a decrease in the code release time and the deployment of pipeline services, based on a joint and experimental work to enhance their production [31]. On the other hand, another study showed that the adoption of the DevOps culture helped to increase the number of reports and improve the quality of the different stages of software development [26].…”

Section: Resultsmentioning

confidence: 99%

“…The cultural change with DevOps, values and identifies the common goals of the team members, who stimulate collaborative work and detachment activities, demonstrating that joint actions allow the benefit for the company or organization, based on its philosophy of implementing the reduction of time for the confirmation of a system change, while ensuring high quality [26]. The sum of the experiences put into consideration in previous lines about the adoption of DevOps in the company, allows establishing the practice of a collaborative culture minimizing the conflicts that could derive in the rupture of the developers' work flow.…”

Section: Research Articlementioning

confidence: 99%

See 1 more Smart Citation

DevOps as a culture of interaction and deployment in an insurance company.

Melgar¹

2021

TURCOMAT

View full text Add to dashboard Cite

This study provides the contributions of the implementation and development of DevOps in the integration and deployment of software in the organization due to problems previously detected regarding the speed and quality of reports. The arguments assumed from a DevOps culture, respond to: techniques and practices of continuous integration, continuous deployment, test automation, collaboration, automation, measurement and monitoring; these facts, was thanks to the implementation of the pre-experimental research design of applied type, in a sample of 48 weekly sprints, with a total of 96 user stories of the project taken from the organization. The study allowed to demonstrate the decrease of the Cycletime of days on average, increase the frequency of code release and increase the percentage of attention ratio, based on these results, it was possible to demonstrate the improvement of the speed during the deployment and quality of software processes, these results were thanks to the adoption of DevOps as a culture of interaction and deployment in an organization in the insurance sector.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Research Articlementioning

confidence: 99%

DevOps as a culture of interaction and deployment in an insurance company.

Melgar¹

2021

TURCOMAT

View full text Add to dashboard Cite

show abstract

“…Finally, it is worth relating our study with the multivocal literature review by Pereira-Vale et al [58], and with the grey literature review by Mao et al [43], even if focused on DevOps rather than on microservices. Pereira-Vale et al [58] report the state of art and practice of the security solutions that have been proposed for microservice-based systems, and they identified the most used ones.…”

Section: Related Workmentioning

confidence: 99%

“…Pereira-Vale et al [58] report the state of art and practice of the security solutions that have been proposed for microservice-based systems, and they identified the most used ones. Mao et al [43] instead report on the state of practice of DevSecOps, by first overviewing the currently existing risks in classical DevOps practices, and by then illustrating the best practices in DevSecOps and how they enable addressing the security risks of DevOps. The reviews by Pereira-Vale et al [58] and by Mao et al [43] differs from ours because they focus on the solutions proposed to support securing microservices, whereas we focus on distilling smells that may result in security issues in microservices.…”

Section: Related Workmentioning

confidence: 99%

Smells and Refactorings for Microservices Security: A Multivocal Literature Review

Ponce¹,

Soldani²,

Astudillo³

et al. 2021

Preprint

View full text Add to dashboard Cite

Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. If security "smells" affect microservice-based applications, they can possibly suffer from security leaks and need to be refactored to mitigate the effects of security smells therein. Objective: As the currently available knowledge on securing microservices is scattered across different pieces of white and grey literature, our objective here is to distill well-known smells for securing microservices, together with the refactorings enabling to mitigate the effects of such smells. Method: To capture the state of the art and practice in securing microservices, we conducted a multivocal review of the existing white and grey literature on the topic. We systematically analyzed 58 studies published from 2014 until the end of 2020. Results: Ten bad smells for securing microservices are identified, which we organized in a taxonomy, associating each smell with the security properties it may violate and the refactorings enabling to mitigate its effects. Conclusions: The security smells and the corresponding refactorings have pragmatic value for practitioners, who can exploit them in their daily work on securing microservices. They also serve as a starting point for researchers wishing to establish new research directions on securing microservices.

show abstract

“…With the evolution of SDL, various studies have focused on the importance of collaboration and communication between software operators and developers. Recently, the need for security prompted the collaboration between developers and operators by involving security experts from the start of SDL [ 13 , 14 ].…”

Section: Introductionmentioning

confidence: 99%

HEAD Metamodel: Hierarchical, Extensible, Advanced, and Dynamic Access Control Metamodel for Dynamic and Heterogeneous Structures

Kashmar

Adda

Ibrahim

2021

Sensors

View full text Add to dashboard Cite

The substantial advancements in information technologies have brought unprecedented concepts and challenges to provide solutions and integrate advanced and self-ruling systems in critical and heterogeneous structures. The new generation of networking environments (e.g., the Internet of Things (IoT), cloud computing, etc.) are dynamic and ever-evolving environments. They are composed of various private and public networks, where all resources are distributed and accessed from everywhere. Protecting resources by controlling access to them is a complicated task, especially with the presence of cybercriminals and cyberattacks. What makes this reality also challenging is the diversity and the heterogeneity of access control (AC) models, which are implemented and integrated with a countless number of information systems. The evolution of ubiquitous computing, especially the concept of Industry 4.0 and IoT applications, imposes the need to enhance AC methods since the traditional methods are not able to answer the increasing demand for privacy and security standards. To address this issue, we propose a Hierarchical, Extensible, Advanced, and Dynamic (HEAD) AC metamodel for dynamic and heterogeneous structures that is able to encompass the heterogeneity of the existing AC models. Various AC models can be derived, and different static and dynamic AC policies can be generated using its components. We use Eclipse (xtext) to define the grammar of our AC metamodel. We illustrate our approach with several successful instantiations for various models and hybrid models. Additionally, we provide some examples to show how some of the derived models can be implemented to generate AC policies.

show abstract

Preliminary Findings about DevSecOps from Grey Literature

Cited by 32 publications

References 26 publications

DevOps as a culture of interaction and deployment in an insurance company.

DevOps as a culture of interaction and deployment in an insurance company.

Smells and Refactorings for Microservices Security: A Multivocal Literature Review

HEAD Metamodel: Hierarchical, Extensible, Advanced, and Dynamic Access Control Metamodel for Dynamic and Heterogeneous Structures

Contact Info

Product

Resources

About