DevOps for Better Software Security in the Cloud (Invited Paper)

The DevOps paradigm means that development and operations within an organisation blend together. For security, this implies that information on detected attacks can be fed back to development, enabling faster eradication of vulnerabilities in the software. This is particularly important in cloud installations, where release cycles can be shorter than a day. This paper argues that DevOps can be employed to improve software security overall.
