Assurance Case (AC) Role in DevSecOps Pipeline: An Example

Goodenough, John; Weinstock, Chuck; Woody, Carol; Ellison, Bob

Assurance Case (AC) Role in DevSecOps Pipeline: An Example

Active / Technical Report | Accesssion Number: AD1154997 |

Abstract:

Show potential role of a pipeline-oriented (DevSecOps) assurance case (AC): Prior use of ACs focused on gaining release decision from oversight body. Show potential value/benefits of a pipeline-oriented AC: Justify exit criteria for pipeline stages; Define evidence needed to meet (evolving) exit criteria; Provide basis for reassurance activity, e.g.,; What evidence needs to be refreshed to maintain confidence that (relevant) exit criteria continue to be met. A properly annotated AC defines exit criteria for each pipeline stage as well as showing how each stage contributes to overall system assurance.

Author(s):

Goodenough, John ; Weinstock, Chuck ; Woody, Carol ; Ellison, Bob

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

AIR FORCE LIFE CYCLE MANAGEMENT CENTER , Hanscom AFB , MA

Document Type:

Technical Report/Briefing Charts

Publication Date:

2021 Dec 13

Pagination:

16

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Contract Number(s):

FA8702-15-D-0002

Subject Terms

Communities of Interest:

No COI(s) Identified

Descriptor(s):

department of defense, software development, universities, engineering, governments, materials, contracts, guarantees, pipelines, national governments

Keyword(s):

ac(assurance case)

Subject Categories:

Mathematical and Computer Sciences

Creation Date:

2021 Dec 13

Update Date:

2022 Jan 25