DevSecOps: A Multivocal Literature Review

@inproceedings{Myrbakken2017DevSecOpsAM,
  title={DevSecOps: A Multivocal Literature Review},
  author={H{\aa}vard Myrbakken and Ricardo Colomo Palacios},
  booktitle={SPICE},
  year={2017}
}
Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps. This study is meant to give an overview of what DevSecOps is, what implementing DevSecOps means, the benefits gained from DevSecOps and the challenges an organization faces when doing so. To that end, we conducted a multivocal… 
Security as Culture: A Systematic Literature Review of DevSecOps
DevOps goes beyond automation, continuous integration and delivery processes, since it also encompasses people. In fact, DevOps promotes the collaboration between the development team and the
Best Practices for Ensuring Security in DevOps: A Case Study Approach
TLDR
The research serves to find out the best practices that could be implemented to enhance security in DevSecOps to provide best practices covering all the aspects of DevOps.
Preliminary Findings about DevSecOps from Grey Literature
  • Runfeng Mao, He Zhang, Kaixiang Lu
  • Computer Science
    2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)
  • 2020
TLDR
The goal of this study is to report the state of the practice of DevSecOps as well as calling for academia to pay more attention to DevSecOps, which is still in its infancy.
Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE
TLDR
The study results will assist the practitioners to remove the uncertainty and vagueness in the opinion of DevOps experts to secure DevOps implementation for better and continuous software development process.
Effective DevSecOps Implementation: A Systematic Literature Review
TLDR
This paper outlines methods of effectively implementing DevSecOps as described in academic literature and uses a grounded theory approach to do a systematic literature review of academic literature to find the factors that contribute to an effective DevSecOps implementation.
Problems of CI/CD and DevOps on Security Compliance
TLDR
This chapter examines the multiple compliance frameworks and architectural principles that can be applied to an agile way of working and, more precisely, to CI/CD pipelines, and focuses on the regulatory requirements and cyberthreats that have an impact on organisations.
Migration From DevOps to DevSecOps: A Complete Migration Framework, Challenges, and Evaluation
TLDR
This paper introduces a complete migration framework from DevOps to DevSecOps and identifies the attributes on which the migration framework can be evaluated.
Dealing with Security in a Real DevOps Environment
TLDR
This paper provides a DevOps approach for managing security measures along the DevOps pipeline based on source code analysis at the integration phase, and it is an initial step for injecting security along the DevOps process.
Weaving Security into DevOps Practices in Highly Regulated Environments
TLDR
This work is based on the authors' extensive experience in assessing and implementing DevOps across a diverse set of HREs and refers to a security enhanced DevOps implementation in an HRE as HRE-DevSecOps.

References

SecDevOps: Is It a Marketing Buzzword? - Mapping Research on Security in DevOps
  • V. Mohan, L. B. Othmane
  • Computer Science
    2016 11th International Conference on Availability, Reliability and Security (ARES)
  • 2016
TLDR
The literature from academia and industry is surveyed to identify the main aspects of DevOps and SecDevOps; the authors believe that the terms are not buzzwords but imply important challenges that the security and software communities shall address to help organizations develop secure software while applying DevOps processes.
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Practices
  • A. Rahman, L. Williams
  • Computer Science
    2016 IEEE/ACM International Workshop on Continuous Software Evolution and Delivery (CSED)
  • 2016
TLDR
The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment by analyzing a selected set of Internet artifacts.
Characterizing DevOps by Hearing Multiple Voices
TLDR
A Multivocal Literature Review aiming at characterizing DevOps in multiple perspectives, including data sources from technical and gray literature, and identifying its recurrent principles, practices, required skills, potential benefits, challenges and what motivates the organizations to adopt it is performed.
DevOps: Making It Easy to Do the Right Thing
TLDR
Wotif Group used DevOps principles to recover from the downward spiral of manual release activity that many IT departments face and drastically improved the average release cycle time.
Continuous software engineering: A roadmap and agenda
Continuous software engineering—A microservices architecture perspective
TLDR
An emerging approach to software development, continuous software engineering (CSE), wherein software of operational quality may be delivered on a very frequent basis, up to many times in a given day, is discussed.
Modeling continuous integration practice differences in industry software development
Modern DevOps: Optimizing software development through effective system interactions
TLDR
A generalized model of DevOps will be presented and analyzed, offering a formalization of the communications and actors requisite to any effective software development process, and further developed to illustrate the information flow between human and system actors.