Weaving Security into DevOps Practices in Highly Regulated Environments

[1]  Seth Allcorn,et al.  Organizational silos: Horizontal organizational fragmentation. , 2002 .

[2]  Eric Byres The air gap: SCADA's enduring security myth , 2013, CACM.

[3]  Tim Hughes,et al.  Adopting Agile in an FDA Regulated Environment , 2009, 2009 Agile Conference.

[4]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[5]  L. G. Hrebiniak,et al.  Organizational Adaptation: Strategic Choice and Environmental Determinism. , 1985 .

[6]  Gary Blau,et al.  Risk management in the development of new products in highly regulated industries , 2000 .

[7]  Elisabetta Di Nitto,et al.  DevOps: Introducing Infrastructure-as-Code , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C).

[8]  Harald C. Gall,et al.  Populating a Release History Database from version control and bug tracking systems , 2003, International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings..

[9]  Barry W. Boehm,et al.  Theory-W Software Project Management: Principles and Examples , 1989, IEEE Trans. Software Eng..

[10]  Manish Virmani,et al.  Understanding DevOps & bridging the gap from continuous integration to continuous delivery , 2015, Fifth International Conference on the Innovative Computing Technology (INTECH 2015).

[11]  Paul M. Schwartz,et al.  The PII Problem: Privacy and a New Concept of Personally Identifiable Information , 2011 .

[12]  André van Hoorn,et al.  Exploiting DevOps Practices for Dependable and Secure Continuous Delivery Pipelines , 2018, 2018 IEEE/ACM 4th International Workshop on Rapid Continuous Software Engineering (RCoSE).

[13]  Anne Connell,et al.  Modern DevOps: Optimizing software development through effective system interactions , 2014, 2014 IEEE International Professional Communication Conference (IPCC).

[14]  Darko Marinov,et al.  Usage, costs, and benefits of continuous integration in open-source projects , 2016, 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE).

[15]  J. Harvey,et al.  An analysis of safety culture attitudes in a highly regulated environment , 2002 .

[16]  Patrice Godefroid Random testing for security: blackbox vs. whitebox fuzzing , 2007, RT '07.

[17]  Ricardo Colomo Palacios,et al.  DevSecOps: A Multivocal Literature Review , 2017, SPICE.

[18]  Hasan Yasar,et al.  Where to Integrate Security Practices on DevOps Platform , 2016, Int. J. Secur. Softw. Eng..

[19]  F. Edwards,et al.  Managerial Objectives in Regulated Industries: Expense-Preference Behavior in Banking , 1977, Journal of Political Economy.

[20]  Mason R. Bruza An Analysis of Multi-domain Command and Control and the Development of Software Solutions through DevOps Toolsets and Practices , 2018 .

[21]  Ian F. Alexander,et al.  Misuse Cases: Use Cases with Hostile Intent , 2003, IEEE Softw..

[22]  B. S. Farroha,et al.  A Framework for Managing Mission Needs, Compliance, and Trust in the DevOps Environment , 2014, 2014 IEEE Military Communications Conference.

[23]  Guoping Rong,et al.  CMMI Guided Process Improvement for DevOps Projects: An Exploratory Case Study , 2016, 2016 IEEE/ACM International Conference on Software and System Processes (ICSSP).