2017 | Supplement | Chapter

DevSecOps: A Multivocal Literature Review

Authors: Håvard Myrbakken, Ricardo Colomo-Palacios

Published in: Software Process Improvement and Capability Determination

Publisher: Springer International Publishing


Abstract

Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps. This study is meant to give an overview of what DevSecOps is, what implementing DevSecOps means, the benefits gained from DevSecOps and the challenges an organization faces when doing so. To that end, we conducted a multivocal literature review, where we reviewed a selection of grey literature. We found that implementing security that can keep up with DevOps is a challenge, but that it can yield great benefits if done correctly.

Metadata

Title: DevSecOps: A Multivocal Literature Review
Authors: Håvard Myrbakken, Ricardo Colomo-Palacios
Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-67383-7_2
