A4 Article in conference proceedings
Trends for the DevOps Security : A Systematic Literature Review (2022)
Leppänen, T., Honkaranta, A., & Costin, A. (2022). Trends for the DevOps Security : A Systematic Literature Review. In B. Shishkov (Ed.), Business Modeling and Software Design : 12th International Symposium, BMSD 2022, Fribourg, Switzerland, June 27–29, 2022, Proceedings (pp. 200-217). Springer International Publishing. Lecture Notes in Business Information Processing, 453. https://doi.org/10.1007/978-3-031-11510-3_12(external link)
JYU authors or editors
Publication details
All authors or editors: Leppänen, Tiina; Honkaranta, Anne; Costin, Andrei
Parent publication: Business Modeling and Software Design : 12th International Symposium, BMSD 2022, Fribourg, Switzerland, June 27–29, 2022, Proceedings
Parent publication editors: Shishkov, Boris
Conference:
- International symposium on business modeling and software design
Place and date of conference: Fribourg, Switzerland, 27.-29.6.2022
ISBN: 978-3-031-11509-7
eISBN: 978-3-031-11510-3
Journal or series: Lecture Notes in Business Information Processing
ISSN: 1865-1348
eISSN: 1865-1356
Publication year: 2022
Number in series: 453
Pages range: 200-217
Number of pages in the book: 309
Publisher: Springer International Publishing
Place of Publication: Cham
Publication country: Switzerland
Publication language: English
DOI: https://doi.org/10.1007/978-3-031-11510-3_12(external link)
Publication open access: Not open
Publication channel open access:
Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/85182(external link)
Abstract
Due to technical advances, old ways for securing DevOps software development have become obsolete. Thus, researchers and practitioners need new insights into the security challenges and practices of DevOps development. This paper reviews the data extraction and analysis phase and results of a Systematic Literature Review (SLR) study that was carried out in 2019. The outcome is an updated list of security challenges and practices for DevOps software development. Both reviews shows that the most essential challenges for the DevOps security deal with the complexity of the development pipelines and the overall complexity of the cloud and microservice environments. The security activities identified were classified by using the BSIMM maturity model for software security as a framework. Our review shows that DevOps security research focuses mostly on deployment phase and technical aspects of software security. We compared the security activities identified in our study with the ones identified by the BSIMM development company in their 2020 review of 128 practitioners’ security practices and found matching practices and similar trends.
Keywords: data systems; software development; technological development; data security; safety and security; systematic reviews
Free keywords: DevOps; security; systematic literature review
Contributing organizations
Ministry reporting: Yes
VIRTA submission year: 2022
JUFO rating: 1
