2016 IEEE/ACM International Workshop on Continuous Software Evolution and Delivery (2016)
Austin, Texas, USA
May 14, 2016 to May 15, 2016
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSED.2016.021
In organizations that use DevOps practices, software changes can be deployed as fast as 500 times or more per day. Without adequate involvement of the security team, rapidly deployed software changes are more likely to contain vulnerabilities due to lack of adequate reviews. The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment. We analyzed a selected set of Internet artifacts and surveyed representatives of nine organizations that are using DevOps to systematically explore experiences in utilizing security practices. We observe that the majority of the software practitioners have expressed the potential of common DevOps activities, such as automated monitoring, to improve the security of a system. Furthermore, organizations that integrate DevOps and security utilize additional security activities, such as security requirements analysis and performing security configurations. Additionally, these teams also have established collaboration between the security team and the development and operations teams.
Security, Software, Organizations, Internet, Collaboration, Automation, Testing
Akond Ashfaque Ur Rahman, Laurie Williams, "Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Practices", 2016 IEEE/ACM International Workshop on Continuous Software Evolution and Delivery, vol. 00, no. , pp. 70-76, 2016, doi:10.1109/CSED.2016.021