Accession Number:

AD1155011

Title:

DEVSECOPS System Assurance

Descriptive Note:

[Technical Report, Technical Report]

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA

Personal Author(s):

• Sanders, Geoffrey
• Ellison, Robert
• Woody, Carol

Report Date:

2021-09-01

Pagination or Media Count:

8

Abstract:

DevSecOps pipelines support organizational agility by automating rapid and frequent delivery of secure infrastructure and software to production Figure 1. Pipelines are complex systems that require tradeoff decisions for each implementation, which commonly introduce risk to the pipeline and the product it delivers. System assurance should be used to manage that risk and maintain confidence in the pipeline and its product. This paper focuses on system assurance for DevSecOps software systems.

Descriptors:

• test and evaluation
• systems engineering
• software development
• computer programs
• department of defense
• vulnerability
• engineering
• risk
• cybersecurity
• governments
• reliability
• risk management
• security
• system of systems
• computer programming
• information systems
• software assurance

Subject Categories:

• Computer Systems
• Computer Systems Management and Standards

Distribution Statement:

[A, Approved For Public Release]