DevSecOps for the Enterprise

Antunes, Luiz; Yasar, Hasan

DevSecOps for the Enterprise

Active / Technical Report | Accesssion Number: AD1187371 |

Open PDF

Abstract:

DevSecOpsis a cultural and engineering practice that breaks down barriers and opens collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production. It encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort. A DevSecOps Pipeline attempts to seamlessly integrate three traditional factions that sometimes have opposing interests: development; which values features; security, which values defensibility; and operations, which values stability. Not only does one need to balance the factions. They must do so in a way that balances risk, quality and benefits within their time, scope, and cost constraints.

Author(s):

Antunes, Luiz ; Yasar, Hasan

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA

Document Type:

Technical Report/Briefing Charts

Publication Date:

2022 Dec 09

Pagination:

16

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Report Number(s):

AFLCMC-DM22-1078

Contract Number(s):

FA8702-15-D-0002

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

software development, systems engineering, engineering, devsecops, commerce, configuration management, emerging technology, materials, pipelines, security, teamwork, universities, department of defense, governments, personal information managers, software assurance, standards

Keyword(s):

DevSecOps (development security and operations), Enterprise DevSecOps, DevSecOps Pipeline, Enterprise-Scale Lean Delivery, PIM (Platform Independent Model), DevSecOps PIM

Subject Categories:

Mathematical and Computer Sciences; Mathematical and Computer Sciences

Creation Date:

2022 Dec 14

Update Date:

2023 Jul 20