Reframing Security in Contemporary Software Development Life Cycle

“…In contrast to existing approaches, the solution proposed in this paper uses potential vulnerabilities (gathered from automation software, such as vulnerability scanners) and utilizes neural network algorithms and the dataset processed using a Natural Language Processing (NLP) approach (where typically NNs yield the best results [23]) to classify the vulnerabilities as confirmed/unconfirmed. As an input for the introduced algorithm, any pre-compiled list of software vulnerabilities (with no limitation to a specific scanning solution) can be used.…”

“…• Continuous integration and continuous deployment: tools that store the set of created pipelines in the form of a set of instructions that will be executed (to build ready FIGURE 1. SDLC adoption in [23] to use applications) and when it should be executed (the scheduled event or triggered by a predefined action). • Testing: for bug and problem-free applications, it should only be allowed to be deployed in the production environment where the end customers are dealing with the delivered software.…”

Context-Aware Software Vulnerability Classification Using Machine Learning

“…In contrast to existing approaches, the solution proposed in this paper uses potential vulnerabilities (gathered from automation software, such as vulnerability scanners) and utilizes neural network algorithms and the dataset processed using a Natural Language Processing (NLP) approach (where typically NNs yield the best results [23]) to classify the vulnerabilities as confirmed/unconfirmed. As an input for the introduced algorithm, any pre-compiled list of software vulnerabilities (with no limitation to a specific scanning solution) can be used.…”

“…• Continuous integration and continuous deployment: tools that store the set of created pipelines in the form of a set of instructions that will be executed (to build ready FIGURE 1. SDLC adoption in [23] to use applications) and when it should be executed (the scheduled event or triggered by a predefined action). • Testing: for bug and problem-free applications, it should only be allowed to be deployed in the production environment where the end customers are dealing with the delivered software.…”

Context-Aware Software Vulnerability Classification Using Machine Learning

“…Lack of automated testing tools [5], [3], [19], [26], [29] CH2 Security manual testing and performance configuration [2], [6], [14], [16], [80] CH3…”

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

“…Organizations have massively embraced DevOps principles due to current customers' demand for highly available, continuous-release, and high-value applications that are useable anytime, anywhere at any platform [20]. Leading ventures such as Google, Netflix, Amazon, LinkedIn, Spotify, Flicker, and Etsy have adopted DevOps practices to release software with a higher pace and better quality [21][22][23][24]. The main objective of the IT organization is always to bring new and superior quality applications with more features to the user, be its an internal consumer of the organization or a consumer in the market [25].…”

Critical Challenges to Adopt DevOps Culture in Software Organizations: A Systematic Review