Preliminary Findings about DevSecOps from Grey Literature

Runfeng Mao; He Zhang; Qiming Dai; Huang Huang; Guoping Rong; Haifeng Shen; Lianping Chen; Kaixiang Lu

doi:10.1109/QRS51102.2020.00064

Back

Conference proceeding

Preliminary Findings about DevSecOps from Grey Literature

Runfeng Mao, He Zhang, Qiming Dai, Huang Huang, Guoping Rong, Haifeng Shen, Lianping Chen and Kaixiang Lu

2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS), pp.450-457

IEEE International Conference on Software Quality, Reliability and Security (QRS), 20th (Macau, China, 11/12/2020–14/12/2020)

12/2020

DOI: https://doi.org/10.1109/QRS51102.2020.00064

Metrics

46 Record Views

38 Times Cited - Web of Science

Abstract

Collaboration

Cultural differences

DevOps

DevSecOps

Empirical software engineering

Grey literature review

Industries

Security

Software engineering

Software quality

Software reliability

Context: Emerging from the agile culture, DevOps particularly emphasizes development and deployment speed to achieve rapid value delivery, which however brings some security risks to the software development process. DevSecOps is an extension of DevOps, which is considered as a means to intertwine development, operation and security. Some companies with security concerns begin to take DevSecOps into consideration when it comes to the application of DevOps. Objective: The goal of this study is to report the state-of-the-practice of DevSecOps as well as calling for academia to pay more attention to DevSecOps. Method: Using Google search engine to collect articles on DevSecOps, we conducted a Grey Literature Review (GLR) on the selected articles. Results: Whilst there exists three major software security risks in DevOps, the establishment of DevOps pipeline provides opportunities for software security activities. Based on the preliminary consensus that DevSecOps is an extension of DevOps, it is observed that the interpretations of DevSecOps can be classified into three core aspects, which are: DevSecOps capabilities, cultural enablers, and technological enablers. Furthermore, to materialize the interpretations into daily software production activities, the recommended DevSecOps practices we obtain from Grey Literature (GL) can be categorized in terms of process, infrastructure and collaboration. Conclusion: Although DevSecOps is getting increasing attention by industry, it is still in its infancy and needs to be promoted by both academia and industry.

Details

Title: Preliminary Findings about DevSecOps from Grey Literature
Creators: Runfeng Mao - Nanjing University
He Zhang - Nanjing University
Qiming Dai - Nanjing University
Huang Huang - Nanjing University
Guoping Rong - Nanjing University
Haifeng Shen - Australian Catholic University
Lianping Chen - Nanjing University
Kaixiang Lu - Nanjing University
Publication Details: 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS), pp.450-457
Conference: IEEE International Conference on Software Quality, Reliability and Security (QRS), 20th (Macau, China, 11/12/2020–14/12/2020)
Publisher: IEEE
Identifiers: 991013173412702368
Academic Unit: Faculty of Science and Engineering
Language: English
Resource Type: Conference proceeding

Preliminary Findings about DevSecOps from Grey Literature

Related links

Metrics

Abstract

Details

Southern Cross University Social media