
Industrial Challenges in Secure Continuous Development (2401.06529v1)

Published 12 Jan 2024 in cs.SE

Abstract: The intersection between security and continuous software engineering has been of great interest since the early years of the agile development movement, and it remains relevant as software development processes are more frequently guided by agility and the adoption of DevOps. Several authors have contributed studies about the framing of secure agile development and secure DevOps, motivating academic contributions to methods and practices, but also discussions around benefits and challenges. The challenges in particular also captured our interest since, for the last few years, we have been conducting research on secure continuous software engineering from a more applied, practical perspective with the overarching aim to introduce solutions that can be adopted at scale. The short positioning at hand summarizes a relevant part of our endeavors in which we validated challenges with several practitioners of different roles. More than framing a set of challenges, we conclude by presenting four key research directions we identified for practitioners and researchers to delineate future work.
