Platform Independent Mode for DevSecOps

Abstract

DevSecOps is a cultural and engineering practice that breaks down barriers and opens collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production. It encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort [1]. A DevSecOps Pipeline attempts to seamlessly integrate three traditional factions that sometimes have opposing interests: development; which values features; security, which values defensibility; and operations, which values stability [2]. Not only does one need to balance the factions. They must do so in a way that balances risk, quality and benefits within their time, scope, and cost constraints.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Feb 03, 2023
Accession Number
AD1192550

Entities

People

  • Timothy A. Chick

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Commerce
  • Computer Programs
  • Control Systems
  • Curriculum
  • Cybersecurity
  • Department Of Defense
  • Devsecops
  • Engineering
  • Governments
  • Guarantees
  • Infrastructure
  • Materials
  • Model Based Systems Engineering
  • Pipelines
  • Reliability
  • Reliability Engineering
  • Security
  • Software Assurance
  • Software Design
  • Software Development
  • Systems Engineering
  • Technical Debt
  • Universities
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Political Violence and Terrorism Studies.
  • Software Engineering.
  • Systems Analysis and Design