Where to Integrate Security Practices on DevOps Platform

Yaşar, Hasan; Kontostathis, Kiriakos

doi:10.4018/ijsse.2016100103

Cited by 19 publications

(22 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Impact: explores how DevOps effects other aspects of software development such as architecture [42], security [49], quality assurance [40], or the impact of DevOps on software development in specific scenarios, such as the development of software for research [12].…”

Section: Peer-reviewed Literaturementioning

confidence: 99%

A Survey of DevOps Concepts and Challenges

Leite¹,

Rocha

Kon³

et al. 2019

ACM Comput. Surv.

318

183

View full text Add to dashboard Cite

DevOps is a collaborative and multidisciplinary organizational effort to automate continuous delivery of new software updates while guaranteeing their correctness and reliability. The present survey investigates and discusses DevOps challenges from the perspective of engineers, managers, and researchers. We review the literature and develop a DevOps conceptual map, correlating the DevOps automation tools with these concepts. We then discuss their practical implications for engineers, managers, and researchers. Finally, we critically explore some of the most relevant DevOps challenges reported by the literature.

show abstract

Section: Peer-reviewed Literaturementioning

confidence: 99%

A Survey of DevOps Concepts and Challenges

Leite¹,

Rocha

Kon³

et al. 2019

ACM Comput. Surv.

318

183

View full text Add to dashboard Cite

show abstract

“…Challenge of unrestricted collaboration [20], [23], [58], [79] CH12 Using unsuitable performance metrics for security evaluation [2], [69], [78], [79] CH13 Abundance of information is a serious threat to secure data [60], [62], [80] CH14 Use of immature automated deployment tools [61], [81], [82] CH15 Inadequate channel to monitor the collaboration of teams [52], [53], [71], [79]…”

Section: Ch11mentioning

confidence: 99%

“…Therefore, there should be proper automation testing tools to monitor the security risks of DevOps. As we are dealing with heterogeneous nature in an organization all sites must coordinate to resolve any ambiguity on time [52,61]. CH16 "lack of secure coding standards" is considered as the challenging factor in terms of DevOps security.…”

Section: Application Of Promethee II Approachmentioning

confidence: 99%

“…Proper trainings and meeting sessions should be conducted to improve the expertise of teams. The capabilities to support and encourage team members by leadership to control the abundance of information causing problems to secure data[60,62,80] will process DevOps smoothly.The other frequently occurred challenge in an organization to secure DevOps activities is immature automated deployment tools[61,81,82], due to lack of testing knowledge. The DevOps team must corporate with security team to measure such challenging factors.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Rafi

Akbar

et al. 2020

IEEE Access

View full text Add to dashboard Cite

DevOps is a combination of collaborative and multidisciplinary efforts of an organization to control continuous delivery and updates of new software while guaranteeing their reliability and correctness. In the software industry, the implementation of DevOps (development and operations units) faces many challenges that are specifically associated with the security. This study aims to develop a prioritization based taxonomy of DevOps security challenges using PROMETHEE-II approach. The total of eighteen DevOps security challenges were extracted from the literature and were further evaluated with experts using questionnaire survey study. In the third stage, multi criteria decision making PROMETHEE-II approach was used to prioritize and develop the taxonomy of identified factors and their categories. The implications of PROMETHEE-II approach are novel in this research domain as it has been used successfully in various other domains e.g. medical, banking, internet techniques and management etc. The contribution of this study is not limited to develop the taxonomy based structure of DevOps security challenges, but also the proper prioritization of these challenges by introducing PROMETHEE-II approach in the research field of DevOps. The study results will assist the practitioners to remove the uncertainty and vagueness in the opinion of DevOps experts to secure DevOps implementation for better and continuous software development process.

show abstract

“…• Use of immature automated deployment tools (2) • Use of unsuitable metrics (2) • Insufficient monitoring of collaboration (1) Mohan and ben Othmane [17] attempted to perform a mapping study on security in DevOps, but found very few primary studies; mostly trade conference presentations and blogs (similar to the artifacts above). Yasar and Kontostathis [25] propose focusing on security requirements, threat modeling, environment configuration, static analysis, code review, penetration testing, environment testing, and finally a manual security review. They claim that quick incident response is an implicit benefit of such an approach, but do not offer any empirical evidence to support the claim.…”

Section: Devops Security In the Literaturementioning

confidence: 99%

Software Security Activities that Support Incident Management in Secure DevOps

Jaatun

2018

Proceedings of the 13th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Many software services are currently created using DevOps, where developers and operations personnel are more tightly integrated. The DevOps paradigm enables shorter development cycles, but increased speed has raised concerns over whether security issues may be overlooked. However, perfect security is never achievable, and in addition to the proactive software security efforts, we also need a reactive effort to handle flaws and bugs that are not discovered before they are used in an attack. In this paper we explore how focus on incident management and collaboration with developers can contribute to improved software security. CCS CONCEPTS• Security and privacy → Software security engineering;

show abstract

Where to Integrate Security Practices on DevOps Platform

Cited by 19 publications

References 7 publications

A Survey of DevOps Concepts and Challenges

A Survey of DevOps Concepts and Challenges

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Software Security Activities that Support Incident Management in Secure DevOps

Contact Info

Product

Resources

About