Trends for the DevOps Security. A Systematic Literature Review


Ontology type: schema:Chapter     


Chapter Info

DATE

2022-07-31

AUTHORS

Tiina Leppänen, Anne Honkaranta, Andrei Costin

ABSTRACT

Due to technical advances, old ways for securing DevOps software development have become obsolete. Thus, researchers and practitioners need new insights into the security challenges and practices of DevOps development. This paper reviews the data extraction and analysis phase and results of a Systematic Literature Review (SLR) study that was carried out in 2019. The outcome is an updated list of security challenges and practices for DevOps software development. Both reviews show that the most essential challenges for the DevOps security deal with the complexity of the development pipelines and the overall complexity of the cloud and microservice environments. The security activities identified were classified by using the BSIMM maturity model for software security as a framework. Our review shows that DevOps security research focuses mostly on the deployment phase and technical aspects of software security. We compared the security activities identified in our study with the ones identified by the BSIMM development company in their 2020 review of 128 practitioners’ security practices and found matching practices and similar trends.

PAGES

200-217

Book

TITLE

Business Modeling and Software Design

ISBN

978-3-031-11509-7
978-3-031-11510-3

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_12

DOI

http://dx.doi.org/10.1007/978-3-031-11510-3_12

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1149869978



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland", 
          "id": "http://www.grid.ac/institutes/grid.9681.6", 
          "name": [
            "University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lepp\u00e4nen", 
        "givenName": "Tiina", 
        "id": "sg:person.015302771661.96", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015302771661.96"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland", 
          "id": "http://www.grid.ac/institutes/grid.9681.6", 
          "name": [
            "University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Honkaranta", 
        "givenName": "Anne", 
        "id": "sg:person.010722126661.43", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010722126661.43"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland", 
          "id": "http://www.grid.ac/institutes/grid.9681.6", 
          "name": [
            "University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Costin", 
        "givenName": "Andrei", 
        "id": "sg:person.010750450376.24", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010750450376.24"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2022-07-31", 
    "datePublishedReg": "2022-07-31", 
    "description": "Due to technical advances, old ways for securing DevOps software development have become obsolete. Thus, researchers and practitioners need new insights into the security challenges and practices of DevOps development. This paper reviews the data extraction and analysis phase and results of a Systematic Literature Review (SLR) study that was carried out in 2019. The outcome is an updated list of security challenges and practices for DevOps software development. Both reviews shows that the most essential challenges for the DevOps security deal with the complexity of the development pipelines and the overall complexity of the cloud and microservice environments.  The security activities identified were classified by using the BSIMM maturity model for software security as a framework. Our review shows that DevOps security research focuses mostly on deployment phase and technical aspects of software security. We compared the security activities identified in our study with the ones identified by the BSIMM development company in their 2020 review of 128 practitioners\u2019 security practices and found matching practices and similar trends.", 
    "editor": [
      {
        "familyName": "Shishkov", 
        "givenName": "Boris", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-031-11510-3_12", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-031-11509-7", 
        "978-3-031-11510-3"
      ], 
      "name": "Business Modeling and Software Design", 
      "type": "Book"
    }, 
    "keywords": [
      "software security", 
      "software development", 
      "security challenges", 
      "security practices", 
      "security activities", 
      "systematic literature review study", 
      "microservice environment", 
      "security research", 
      "deployment phase", 
      "security deals", 
      "maturity model", 
      "development companies", 
      "analysis phase", 
      "overall complexity", 
      "security", 
      "essential challenge", 
      "complexity", 
      "systematic literature review", 
      "literature review study", 
      "data extraction", 
      "challenges", 
      "cloud", 
      "technical aspects", 
      "pipeline", 
      "framework", 
      "old ways", 
      "environment", 
      "extraction", 
      "companies", 
      "researchers", 
      "technical advances", 
      "development pipeline", 
      "literature review", 
      "development", 
      "way", 
      "list", 
      "model", 
      "deal", 
      "advances", 
      "practice", 
      "research", 
      "aspects", 
      "review study", 
      "one", 
      "practitioners", 
      "trends", 
      "results", 
      "insights", 
      "phase", 
      "review", 
      "study", 
      "new insights", 
      "activity", 
      "outcomes", 
      "similar trend", 
      "paper"
    ], 
    "name": "Trends for the DevOps Security. A Systematic Literature Review", 
    "pagination": "200-217", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1149869978"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-031-11510-3_12"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-031-11510-3_12", 
      "https://app.dimensions.ai/details/publication/pub.1149869978"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:11", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_164.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-031-11510-3_12"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_12'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_12'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_12'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_12'


 

This table displays all metadata directly associated to this object as RDF triples.

129 TRIPLES      22 PREDICATES      80 URIs      73 LITERALS      7 BLANK NODES

 



