
Where to Integrate Security Practices on DevOps Platform

April 2016 Article
Hasan Yasar, Kiriakos Kontostathis

The article describes how to address security concerns early in the software development lifecycle and leverage that approach throughout the entire lifecycle.

Publisher: Association for Computing Machinery

Abstract

"Software security" often evokes negative feelings among software developers because the term is associated with additional programming effort, uncertainty, and activity that blocks rapid development and release cycles.

The Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems.

Secure software should be focused on a proactive approach that limits the attack surface and produces reliable software. Secure DevOps developers want their software to bend but not break, which means the software absorbs attacks and continues to function. The burgeoning concepts of DevOps include several that can be applied to increase the security of developed applications.

Applying these and other DevOps principles can have a big impact on creating an environment that is resilient and secure. This paper, published in the International Journal of Secure Software Engineering (IJSSE) in 2016, explains how to address security concerns in the early stages of the development lifecycle and leverage that knowledge throughout the SDLC.
