DevSecOps for the Enterprise

Abstract

DevSecOpsis a cultural and engineering practice that breaks down barriers and opens collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production. It encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort. A DevSecOps Pipeline attempts to seamlessly integrate three traditional factions that sometimes have opposing interests: development; which values features; security, which values defensibility; and operations, which values stability. Not only does one need to balance the factions. They must do so in a way that balances risk, quality and benefits within their time, scope, and cost constraints.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 09, 2022
Accession Number
AD1187371

Entities

People

  • Hasan Yaşar
  • Luiz Antunes

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Commerce
  • Configuration Management
  • Department Of Defense
  • Devsecops
  • Emerging Technology
  • Engineering
  • Engineers
  • Governments
  • Materials
  • Personal Information Managers
  • Pipelines
  • Security
  • Software Assurance
  • Software Development
  • Standards
  • Systems Engineering
  • Teamwork
  • Training
  • Universities

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Strategic Security Studies