Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach

Valani, Altaz

doi:10.1109/secdev.2018.00032

Cited by 5 publications

(5 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CCH10 (Data Provenance Problem) data provenance means location of particular data when and where that data was generated [60]. Data provenance is one of the biggest challenges identified from literature to authenticate data.…”

Section: A Findings Of Slr (Rq1)mentioning

confidence: 99%

Multicriteria Based Decision Making of DevOps Data Quality Assessment Challenges Using Fuzzy TOPSIS

Rafi

Akbar

et al. 2020

IEEE Access

View full text Add to dashboard Cite

In current era, DevOps gain much interaction in software industry as it provides the flexible development environment. To meet the continuous development and operations, DevOps mainly focus, to integrate the data from heterogeneous source. While DevOps adoption, the quality assessment of data integrated from heterogeneous environment, is important and challenging at the same time. This study aims to identify the critical factors that could negatively impact the data quality assessment process in DevOps. We have used the systematic literature review (SLR) approach and identify a total of 13 critical challenging factors. The finding of SLR are further validated with industry experts via questionnaire survey. Finally, we have applied the Fuzzy TOPSIS approach to prioritize the investigated challenging factors with respect to their significance of DevOps data quality assessment process. The results show that analyzing data in real time, visualization of data and missing information and other invalid data are the highest ranked challenging factors which need to be addressed on priority basis, to successfully measure the quality of heterogeneous data in DevOps. We believe that the finding of this study will assist the practitioner to consider the most significant factors for measuring the quality of heterogeneous data in DevOps. INDEX TERMS DevOps data quality assessment, fuzzy TOPSIS, empirical investigation. SAIMA RAFI received the M.Sc. degree in computer science from the University of Agriculture Faisalabad, Faisalabad, Pakistan, and the M.S. degree in computer science from Government College University at Faisalabad, Faisalabad. She is currently pursuing the Ph.D. degree with the

show abstract

Section: A Findings Of Slr (Rq1)mentioning

confidence: 99%

Multicriteria Based Decision Making of DevOps Data Quality Assessment Challenges Using Fuzzy TOPSIS

Rafi

Akbar

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…To meet the on-demand infrastructures and continuous delivery product, DevOps software organizations are searching for active development approaches. There are many challenges of DevOps identified in literature such as "lack of DevOps knowledge" [69], "conceptual gap between development and operation team" [70], "lack of efficient tools" [20], "continuous testing" [3] etc. However, prior work is done in domain of DevOps security.…”

Section: Background Of Devops Securitymentioning

confidence: 99%

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Rafi

Akbar

et al. 2020

IEEE Access

View full text Add to dashboard Cite

DevOps is a combination of collaborative and multidisciplinary efforts of an organization to control continuous delivery and updates of new software while guaranteeing their reliability and correctness. In the software industry, the implementation of DevOps (development and operations units) faces many challenges that are specifically associated with the security. This study aims to develop a prioritization based taxonomy of DevOps security challenges using PROMETHEE-II approach. The total of eighteen DevOps security challenges were extracted from the literature and were further evaluated with experts using questionnaire survey study. In the third stage, multi criteria decision making PROMETHEE-II approach was used to prioritize and develop the taxonomy of identified factors and their categories. The implications of PROMETHEE-II approach are novel in this research domain as it has been used successfully in various other domains e.g. medical, banking, internet techniques and management etc. The contribution of this study is not limited to develop the taxonomy based structure of DevOps security challenges, but also the proper prioritization of these challenges by introducing PROMETHEE-II approach in the research field of DevOps. The study results will assist the practitioners to remove the uncertainty and vagueness in the opinion of DevOps experts to secure DevOps implementation for better and continuous software development process.

show abstract

“…DevOps provides automation to increase the speed of software delivery but there is a great challenge to maintain the momentum of speedy delivery while performing security activities in parallel [6]. A key security enabler is threat modeling acquiring highly skilled individuals.…”

Section: Related Workmentioning

confidence: 99%

“…A key security enabler is threat modeling acquiring highly skilled individuals. Valani [6] proposes a lightweight threat modeling approach relying on a correlation matrix. The correlation matrix mapped security requirements over application archetypes.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Proposal To Cope Change Resistance Using DevOps

Mansour¹,

Qureshi²

2020

IJCSMC

View full text Add to dashboard Cite

This paper is written to support a phenomenon in which development and operations (DevOps) teams work together to deliver software on a continuous pace, eliminating the walls of confusion between stakeholders, and facilitating the business to seize and cope up with existing and constantly emerging opportunities. The main processes are development, quality assurance, pre-operational and operational. There are many tools involved in the implementation of DevOps such as Git, Jenkins, Chef, Vegrant, Docker and Hadoop. Due to the technical expertise in variety of tools, DevOps faces many factors that hinder its adoption such as change in the working norms of traditional teams, team structure and cost. The most significant factor is resistance to change by the traditional teams. In this paper, we will identify the possible change-resistant personnel, the reasons behind change-resistant and a solution is proposed to overcome change-resistant. A survey is used as a research design to validate the proposed solution. The results of survey support the proposed solution that it will help the software companies to cope the change resistance while adopting DevOps.

show abstract

Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach

Cited by 5 publications

References 1 publication

Multicriteria Based Decision Making of DevOps Data Quality Assessment Challenges Using Fuzzy TOPSIS

Multicriteria Based Decision Making of DevOps Data Quality Assessment Challenges Using Fuzzy TOPSIS

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Proposal To Cope Change Resistance Using DevOps

Contact Info

Product

Resources

About

Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach

Cited by 5 publications

References 1 publication

Multicriteria Based Decision Making of DevOps Data Quality Assessment Challenges Using Fuzzy TOPSIS

Multicriteria Based Decision Making of DevOps Data Quality Assessment Challenges Using Fuzzy TOPSIS

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Proposal To Cope Change Resistance Using DevOps﻿

Contact Info

Product

Resources

About

Proposal To Cope Change Resistance Using DevOps