Using MBSE to Secure your DevSecOps Pipeline

Abstract

DevSecOps is a cultural and engineering practice that breaks down barriers and opens collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production. It encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort [1]. A DevSecOps Pipeline attempts to seamlessly integrate three traditional factions that sometimes have opposing interests: a) development; which values features; b) security, which values defensibility; and c) operations, which values stability [2]. Not only does one need to balance the factions. They must do so in a way that balances risk, quality and benefits within their time, scope, and cost constraints.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 13, 2023
Accession Number
AD1195563

Entities

People

  • Timothy A. Chick

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Commerce
  • Computer Programs
  • Control Systems
  • Cybersecurity
  • Department Of Defense
  • Devsecops
  • Engineering
  • Engineers
  • Hybrid Threats
  • Materials
  • Model Based Systems Engineering
  • Pipelines
  • Reliability
  • Reliability Engineering
  • Security
  • Software Assurance
  • Software Design
  • Software Development
  • Systems Engineering
  • Technical Debt
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Software Engineering.
  • Systems Analysis and Design