Mohan, Vaishnavi ; Othmane, Lotfi Ben (2016)
SecDevOps: Is It a Marketing Buzzword?
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
DevOps is changing the way organizations develop and deploy applications and service customers. Many organizations want to apply DevOps, but they are concerned by the security aspects of the produced software. This has triggered the creation of the terms SecDevOps and DevSecOps. These terms refer to incorporating security practices in a DevOps environment by promoting the collaboration between the development teams, the operations teams, and the security teams. This paper surveys the literature from academia and industry to identify the main aspects of this trend. The main aspects that we found are: definition, security best practices, compliance, process automation, tools for SecDevOps, software configuration, team collaboration, availability of activity data and information secrecy. Although the number of relevant publications is low, we believe that the terms are not buzzwords; they imply important challenges that the security and software communities shall address to help organizations develop secure software while applying DevOps processes.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2016 |
| Autor(en): | Mohan, Vaishnavi ; Othmane, Lotfi Ben |
| Art des Eintrags: | Bibliographie |
| Titel: | SecDevOps: Is It a Marketing Buzzword? |
| Sprache: | Deutsch |
| Publikationsjahr: | September 2016 |
| Buchtitel: | Proc. of the 11th International Conference on Availability, Reliability and Security (ARES) |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | DevOps is changing the way organizations develop and deploy applications and service customers. Many organizations want to apply DevOps, but they are concerned by the security aspects of the produced software. This has triggered the creation of the terms SecDevOps and DevSecOps. These terms refer to incorporating security practices in a DevOps environment by promoting the collaboration between the development teams, the operations teams, and the security teams. This paper surveys the literature from academia and industry to identify the main aspects of this trend. The main aspects that we found are: definition, security best practices, compliance, process automation, tools for SecDevOps, software configuration, team collaboration, availability of activity data and information secrecy. Although the number of relevant publications is low, we believe that the terms are not buzzwords; they imply important challenges that the security and software communities shall address to help organizations develop secure software while applying DevOps processes. |
| Freie Schlagworte: | Secure Software Engineering Group;Security;SecDevOps, DevSecOps, agile development |
| ID-Nummer: | TUD-CS-2016-0166 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy 20 Fachbereich Informatik > Systemsicherheit LOEWE > LOEWE-Zentren 20 Fachbereich Informatik LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 30 Mai 2018 12:53 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum