
Industrial Challenges in Secure Continuous Development (2401.06529v1)

Published 12 Jan 2024 in cs.SE

Abstract: The intersection between security and continuous software engineering has been of great interest since the early years of the agile development movement, and it remains relevant as software development processes are more frequently guided by agility and the adoption of DevOps. Several authors have contributed studies about the framing of secure agile development and secure DevOps, motivating academic contributions to methods and practices, but also discussions around benefits and challenges. The challenges in particular also captured our interest since, for the last few years, we have been conducting research on secure continuous software engineering from a more applied, practical perspective with the overarching aim to introduce solutions that can be adopted at scale. The short position paper at hand summarizes a relevant part of our endeavors in which we validated challenges with several practitioners of different roles. Beyond framing a set of challenges, we conclude by presenting four key research directions we identified for practitioners and researchers to delineate future work.
