2017 | Supplement | Book chapter

DevSecOps: A Multivocal Literature Review

Written by: Håvard Myrbakken, Ricardo Colomo-Palacios

Published in: Software Process Improvement and Capability Determination

Publisher: Springer International Publishing


Abstract

Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps. This study is meant to give an overview of what DevSecOps is, what implementing DevSecOps means, the benefits gained from DevSecOps and the challenges an organization faces when doing so. To that end, we conducted a multivocal literature review, where we reviewed a selection of grey literature. We found that implementing security that can keep up with DevOps is a challenge, but it can gain great benefits if done correctly.

Metadata
Title
DevSecOps: A Multivocal Literature Review
Written by
Håvard Myrbakken
Ricardo Colomo-Palacios
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-67383-7_2
