Are Your DevSecOps Capabilities Mature?

Abstract

DevSecOps is a cultural and engineering practice that breaks down barriers and opens collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production. It encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort [1]. A DevSecOps Pipeline attempts to seamlessly integrate three traditional factions that sometimes have opposing interests: development, which values features; security, which values defensibility; and operations, which values stability [2]. Not only does one need to balance the factions; one must do so in a way that balances risk, quality, and benefits within one's time, scope, and cost constraints.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2023
Accession Number
AD1214450

Entities

People

  • Timothy A. Chick

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Border Security
  • Command And Control
  • Command And Control Systems
  • Commerce
  • Complex Systems
  • Control Systems
  • Devsecops
  • Engineering
  • Engineers
  • Failure Mode And Effect Analysis
  • Information Systems
  • Lessons Learned
  • Model Based Systems Engineering
  • Security
  • Software Development
  • System Of Systems
  • Systems Engineering

Fields of Study

  • Computer science

Readers

  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Military History of the United States in the 20th Century.
  • Team-Based Human-Centered Cognitive Task Decision Making and Information Performance.