Continuous risk assessment in secure DevOps
Ricardo M. Czekster

TL;DR
This paper advocates integrating risk assessment, especially threat modeling, into secure DevOps practices to enhance early security considerations, improve automation, and align security with continuous software delivery.
Contribution
It provides a roadmap for embedding risk activities within secure DevOps, combining threat modeling with continuous practices, supported by case studies and practical tools.
Findings
Risk assessment enhances security in DevOps workflows.
Automating threat modeling improves early security integration.
Case studies demonstrate practical benefits of the proposed approach.
Abstract
DevOps (development and operations) has significantly changed the way deficiencies in delivering high-quality software to production environments are overcome. Past years witnessed an increased interest in embedding DevOps with cybersecurity in an approach dubbed secure DevOps. However, as the practices and guidance mature, teams must consider them within a broader risk context. We argue here how secure DevOps could profit from engaging with risk-related activities within organisations. We focus on combining Risk Assessment (RA), particularly Threat Modelling (TM), with secure DevOps and on applying security considerations early in the software life-cycle. Our contribution provides a roadmap for enacting secure DevOps alongside risk objectives, devising informed ways to improve TM and establishing effective security underpinnings in organisations focusing on software products and services. We aim to outline…
Taxonomy
Topics: Information and Cyber Security · Scientific Computing and Data Management
