Integrating Security with DevSecOps: Techniques and Challenges

The delivery of software applications is key to the success of many development organizations. Over time, the software development process has widened its scope to include other areas, such as operations, alongside core Information Technology. Software project practices built on DevOps have demonstrated how to streamline these processes, speed them up, and improve product quality with present technologies. The project cell, a university students' organization that undertakes software development projects and services, implemented the DevOps methodology for student projects. This model showed results, with projects completed effectively. What was missing, however, was robust and secure applications. The growing concern and risk associated with insecure products drew our attention to implementing and integrating a security model into our present development process. The goal of this article is to describe the integration of DevSecOps practice into our ongoing projects so as to avoid insecure practices during development.
