http://dx.doi.org/10.15207/JKCS.2019.10.9.047

Component Analysis of DevOps and DevSecOps  

Hong, Jin-Keun (Division of Information Communication Technology, Baekseok University)
Publication Information
Journal of the Korea Convergence Society / v.10, no.9, 2019, pp. 47-53
Abstract
This paper analyzes the characteristics of development operations (DevOps) and development security operations (DevSecOps) for software and products, and the use of analysis tools from a software code perspective. It also emphasizes the importance of human factors, and the need to strengthen them, when considering security design rules. With respect to procedural factors in development security operations, the paper considers a secure process for managing change that focuses on fast and accurate decision-making. In addition, the paper discusses the need for maturity model analysis in relation to the characteristics of development security operations, and analyzes the meaning of the analysis elements through detailed procedures for the strength and integration elements of the dynamic and static elements. The paper also analyzes factors such as scanning activity and code analysis for threat modeling and for compliance and control.
Keywords
Software; Analysis; Safe; Threat; Code;
Citations & Related Records
Times Cited By KSCI: 2