DevSecOps Services: A Study of the Most Common and Rarest DevSecOps Services Available in 2022
Keywords:
DevSecOps Services, DevSecOpsAbstract
DevSecOps is an evolving set of practices within the prevalent DevOps paradigm that aims to include security at every stage of the development cycle. In order to understand how it has matured since its inception, we looked at a sample of 25 companies offering DevSecOps services to identify which services were most common and rarest. Multiple trends were identified, including a heavy lean towards DevSecOps services towards consultation and organizational adaptation. We also identified compliance to be a focus of many DevSecOps services. DevSecOps consultation and DevSecOps as a Service (DaaS) were identified as two of the most commonly available services in 2022, and isolation, SRE, SIEM, and orchestration were the rarest. Future studies on this subject might reveal different trends in the evolution of DevSecOps services, assuming DevSecOps hasn't been replaced by a more advanced paradigm.
References
H. Myrbakken and R. Colomo-Palacios, "DevSecOps: A Multivocal Literature Review," in International Conference on Software Process Improvement and Capability Determination. Springer, Cham , Palma de Mallorca, Spain, 2017.
N. Tomas, J. Li and H. Huang, "An Empirical Study on Culture, Automation, Measurement, and Sharing of DevSecOps," in 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). IEEE, Oxford, UK, 2019.
R. N. Rajapakse, M. Zahedi, M. A. Babar, and H. Shen, "Challenges and solutions when adopting DevSecOps: A systematic review," Information and Software Technology, vol. 141, 2022.
R. Mao, H. Zhang, Q. Dai, H. Huang, G. Rong, H. Shen, L. Chen and K. Lu, "Preliminary Findings about DevSecOps from Grey Literature," in IEEE 20th International Conference on Software Quality, Reliability and Security (QRS), Macau, China, 2020.
M. Sánchez-Gordón and R. Colomo-Palacios, "Security as Culture," in 2020 IEEE/ACM 42nd International Conference on Software Engineering Workshops (ICSEW), Seoul, Republic of Korea, 2020.
A. Gupta, "An Integrated Framework for DevSecOps Adoption," International Journal of Computer Trends and Technology, vol. 70, no. 6, pp. 19-23, 2022.
B. Jammeh, "DevSecOps: Security Expertise a Key to Automated Testing in CI/CD Pipeline," Research Gate, Poole, England, 2020.
X. Ramaj, M. Sánchez-Gordón, V. Gkioulos, S. Chockalingam, and R. Colomo-Palacios, "Holding on to Compliance While Adopting DevSecOps: An SLR," MDPI Electronics, 2022.
S. V. Deshmukh, D. S. Ahire, N. N. Chavan, N. D. Bharambe and P. Akshay.R.Jain, "IMPLEMENTING DEVSECOPS PIPELINE FOR AN ENTERPRISE ORGANIZATION," International Research Journal of Modernization in Engineering Technology and Science, vol. 3, no. 12, 2021.
K. Carter, "Francois Raynaud on DevSecOps," IEEE Software, vol. 34, no. 5, pp. 93-96, 2017.
Z. Ahmed and S. C. Francis, "Integrating Security with DevSecOps: Techniques and Challenges," in IEEE - 2019 International Conference on Digitization (ICD), Sharjah, United Arab Emirates, 2019.
M. A. Akbara, K. Smolander, S. Mahmood and A. Alsanad, "Toward successful DevSecOps in software development organizations: A decision-making framework," Information and Software Technology, vol. 147, 2022.
A. A. Zeeshan, "Compliance and Security," in DevSecOps for .NET Core: Securing Modern Software Applications, Apress, Berkeley, CA, Compliance and Security, pp. 265-278.
R. Kumar and R. Goyal, "Modeling continuous security: A conceptual model for automated DevSecOps using open-source software over cloud (ADOC)," Computers & Security, vol. 97, 2020.
J. Díaz, J. E. Pérez, M. A. Lopez-Peña, G. A. Mena and A. Yagüe, "Self-Service Cybersecurity Monitoring as Enabler for DevSecOps," IEEE Access, vol. 7, pp. 100283-100295, 2019.
T. H.-C. Hsu, Practical Security Automation and Testing, Birmingham, UK: Packt Publishing, 2019.
B. Yadav, G. Choudhary, S. K. Shandilya and N. Dragoni, "AI Empowered DevSecOps Security for Next Generation Development," in Springer - ICFSE 2021: Frontiers in Software Engineering pp 32–46, Innopolis, Russia, 2022.
A. Bahaa, A. Abdelaziz, A. Sayed, L. Elfangary and H. Fahmy, "Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review," Information, vol. 4, 2021.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 American Academic Scientific Research Journal for Engineering, Technology, and Sciences
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who submit papers with this journal agree to the following terms.