揭示DevSecOps的安全方面：演变、差距和趋势

Q3 Computer Science

Recent Advances in Computer Science and Communications Pub Date : 2022-08-04 DOI:10.2174/2666255816666220804143918

Xhesika Ramaj, Mary-Luz Sánchez-Gordón, S. Chockalingam, R. Colomo‐Palacios

{"title":"揭示DevSecOps的安全方面：演变、差距和趋势","authors":"Xhesika Ramaj, Mary-Luz Sánchez-Gordón, S. Chockalingam, R. Colomo‐Palacios","doi":"10.2174/2666255816666220804143918","DOIUrl":null,"url":null,"abstract":"\n\nThe popularity of DevSecOps is on the rise because it promises to integrate a greater degree of security into software delivery pipelines. However, there is also an unacceptable risk related to safety that cannot be overlooked, given the importance of this aspect in many industries.\n\n\n\nThe objective of this study is to provide an overview of the safety aspects reported in the literature on DevSecOps. This study also characterizes such aspects and identifies the gaps that may lead to future research work.\n\n\n\nA systematic literature review was conducted using five well-known academic databases. The search was executed in September 2021 and March 2022 to identify relevant studies.\n\n\n\nThe search returned 114 academic studies. After the screening process, five primary studies published between 2019 and 2021 were selected. These studies were analyzed thoroughly to identify the safety aspects. Then, we categorized them into three main groups: (i) risk-related safety aspects, (ii) human-related aspects, and (iii) management aspects.\n\n\n\nSafety is an important characteristic that is becoming more critical as the number of critical systems grows. This review reveals that only a scarce number of studies are focusing on safety in DevSecOps. However, those studies gave us some insights into this topic. Therefore, our main observation is that this topic has not yet been completely explored in the academic literature. This review can encourage reflection and discussion between the safety and security communities.\n","PeriodicalId":36514,"journal":{"name":"Recent Advances in Computer Science and Communications","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Unveiling the Safety Aspects of DevSecOps: Evolution, Gaps and Trends\",\"authors\":\"Xhesika Ramaj, Mary-Luz Sánchez-Gordón, S. Chockalingam, R. Colomo‐Palacios\",\"doi\":\"10.2174/2666255816666220804143918\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"\\n\\nThe popularity of DevSecOps is on the rise because it promises to integrate a greater degree of security into software delivery pipelines. However, there is also an unacceptable risk related to safety that cannot be overlooked, given the importance of this aspect in many industries.\\n\\n\\n\\nThe objective of this study is to provide an overview of the safety aspects reported in the literature on DevSecOps. This study also characterizes such aspects and identifies the gaps that may lead to future research work.\\n\\n\\n\\nA systematic literature review was conducted using five well-known academic databases. The search was executed in September 2021 and March 2022 to identify relevant studies.\\n\\n\\n\\nThe search returned 114 academic studies. After the screening process, five primary studies published between 2019 and 2021 were selected. These studies were analyzed thoroughly to identify the safety aspects. Then, we categorized them into three main groups: (i) risk-related safety aspects, (ii) human-related aspects, and (iii) management aspects.\\n\\n\\n\\nSafety is an important characteristic that is becoming more critical as the number of critical systems grows. This review reveals that only a scarce number of studies are focusing on safety in DevSecOps. However, those studies gave us some insights into this topic. Therefore, our main observation is that this topic has not yet been completely explored in the academic literature. This review can encourage reflection and discussion between the safety and security communities.\\n\",\"PeriodicalId\":36514,\"journal\":{\"name\":\"Recent Advances in Computer Science and Communications\",\"volume\":\" \",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-08-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Recent Advances in Computer Science and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2174/2666255816666220804143918\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Computer Science\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Recent Advances in Computer Science and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2174/2666255816666220804143918","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

摘要

DevSecOps的受欢迎程度正在上升，因为它承诺将更大程度的安全性集成到软件交付管道中。然而，鉴于这一方面在许多行业中的重要性，安全方面也存在着不可忽视的不可接受的风险。本研究的目的是概述DevSecOps文献中报告的安全方面。本研究还描述了这些方面的特点，并确定了可能导致未来研究工作的差距。使用五个著名的学术数据库进行了系统的文献综述。搜索于2021年9月和2022年3月进行，以确定相关研究。搜索返回了114份学术研究报告。筛选过程结束后，选择了2019年至2021年间发表的五项主要研究。对这些研究进行了全面分析，以确定安全方面。然后，我们将其分为三大类：（i）与风险相关的安全方面，（ii）与人类相关的方面，以及（iii）管理方面。随着关键系统数量的增长，安全性是一个越来越重要的特征。这篇综述表明，只有少数研究关注DevSecOps的安全性。然而，这些研究让我们对这个话题有了一些见解。因此，我们的主要观察是，学术文献中尚未完全探讨这一主题。这一审查可以鼓励安全和安保社区之间进行反思和讨论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Unveiling the Safety Aspects of DevSecOps: Evolution, Gaps and Trends

The popularity of DevSecOps is on the rise because it promises to integrate a greater degree of security into software delivery pipelines. However, there is also an unacceptable risk related to safety that cannot be overlooked, given the importance of this aspect in many industries. The objective of this study is to provide an overview of the safety aspects reported in the literature on DevSecOps. This study also characterizes such aspects and identifies the gaps that may lead to future research work. A systematic literature review was conducted using five well-known academic databases. The search was executed in September 2021 and March 2022 to identify relevant studies. The search returned 114 academic studies. After the screening process, five primary studies published between 2019 and 2021 were selected. These studies were analyzed thoroughly to identify the safety aspects. Then, we categorized them into three main groups: (i) risk-related safety aspects, (ii) human-related aspects, and (iii) management aspects. Safety is an important characteristic that is becoming more critical as the number of critical systems grows. This review reveals that only a scarce number of studies are focusing on safety in DevSecOps. However, those studies gave us some insights into this topic. Therefore, our main observation is that this topic has not yet been completely explored in the academic literature. This review can encourage reflection and discussion between the safety and security communities.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Recent Advances in Computer Science and Communications Computer Science-Computer Science (all)

CiteScore

2.50

自引率

0.00%

发文量

142