DEVSECOPS System Assurance

Sanders, Geoffrey; Ellison, Robert; Woody, Carol

DEVSECOPS System Assurance

Active / Technical Report | Accesssion Number: AD1155011 |

Open PDF

Abstract:

DevSecOps pipelines support organizational agility by automating rapid and frequent delivery of secure infrastructure and software to production (Figure 1). Pipelines are complex systems that require tradeoff decisions for each implementation, which commonly introduce risk to the pipeline and the product it delivers. System assurance should be used to manage that risk and maintain confidence in the pipeline and its product. This paper focuses on system assurance for DevSecOps software systems.

Author(s):

Sanders, Geoffrey ; Ellison, Robert ; Woody, Carol

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA

Document Type:

Technical Report/Technical Report

Publication Date:

2021 Sep 01

Pagination:

8

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Contract Number(s):

FA8702-15-D-0002

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

No COI(s) Identified

Descriptor(s):

test and evaluation, systems engineering, computer programs, department of defense, software development, vulnerability, engineering, risk, cybersecurity, governments, reliability, risk management, complex systems, information systems, security, software assurance, system of systems

Keyword(s):

devsecops pipelines, system assurance

Subject Categories:

Mathematical and Computer Sciences; Mathematical and Computer Sciences

Creation Date:

2021 Dec 13

Update Date:

2022 Jan 27