Most research on DevOps focuses on tooling support, improving automation in testing and deployment, improving performance and integrating security into the deployment process to initiate and implement DevOps. However, establishing DevOps practices, specifically continuous delivery and continuous deployment practices, in the industry is a challenge as it requires new organizational capabilities and novel techniques, methods and tools for application design, testing and deployment. Development and Operations (DevOps) is emerging as a promising approach in the software industry to help organizations to realize this goal. We have implemented the P2ISE and quantitatively assessed its performance and efficiency.Īttracted by increasing the need of being able to improve business competitiveness and performance, many organizations have started to optimize themselves to develop and deliver high-quality values more quickly and reliably. At the heart of P2ISE lies the TPM trusted computing technology, which is leveraged to ensure integrity preservation. This paper presents P2ISE, a novel integrity-preserving tool that provides strong security assertions for developers against attackers. Yet, no method can accurately verify that the integrity of a project’s source code has not been breached. To ensure the soundness of a software project, its source code must be secured from malicious modifications. On the security side, however, most environments seem to focus on authentication, neglecting other critical aspects, such as the integrity of the source code and the compiled binaries. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. Over the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. We compared the security activities identified in our study with the ones identified by the BSIMM development company in their 2020 review of 128 practitioners' security practices and found matching practices and similar trends. Our review shows that DevOps security research focuses mostly on deployment phase and technical aspects of software security. The security activities identified were classified by using the BSIMM maturity model for software security as a framework. Both reviews shows that the most essential challenges for the DevOps security deal with the complexity of the development pipelines and the overall complexity of the cloud and microservice environments. The outcome is an updated list of security challenges and practices for DevOps software development. This paper reviews the data extraction and analysis phase and results of a Systematic Literature Review (SLR) study that was carried out in 2019. Thus, researchers and practitioners need new insights into the security challenges and practices of DevOps development. Due to technical advances, old ways for securing DevOps software development have become obsolete.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |