DEVSECOPS System Assurance

Abstract

DevSecOps pipelines support organizational agility by automating rapid and frequent delivery of secure infrastructure and software to production (Figure 1). Pipelines are complex systems that require tradeoff decisions for each implementation, which commonly introduce risk to the pipeline and the product it delivers. System assurance should be used to manage that risk and maintain confidence in the pipeline and its product. This paper focuses on system assurance for DevSecOps software systems.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2021
Accession Number
AD1155011

Entities

People

  • Carol C. Woody
  • Geoffrey Sanders
  • Robert J. Ellison

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Complex Systems
  • Computer Programming
  • Computer Programs
  • Cybersecurity
  • Department Of Defense
  • Engineering
  • Governments
  • Information Systems
  • Reliability
  • Risk
  • Risk Management
  • Security
  • Software Assurance
  • Software Development
  • System Of Systems
  • Systems Engineering
  • Test And Evaluation
  • Vulnerability

Fields of Study

  • Computer science
  • Engineering

Readers

  • Naval Mine Countermeasure Systems Development.
  • Parallel and Distributed Computing.
  • Systems Analysis and Design