An Empirical Study of DevSecOps Focused on Continuous Security Testing


Research area: Analysis



Venue: 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)


Abstract

DevSecOps is an emerging approach to integrating robust security into the DevOps software development process. It focuses on breaking down the silos between development, security, and operations and on introducing security from the beginning of the software development process. In this paper, we present a DevSecOps framework centered on the principle of continuous security testing, applicable across various software development scenarios. Our ultimate goal is to promote wider adoption of DevSecOps practices. The framework comprises a CI/CD pipeline, a series of activities tailored to each phase, and tools to automate these activities. Through a case study conducted in a real-world setting, we evaluated the effectiveness of our framework. The results indicate that the framework was implemented successfully, enabling the development team to proactively identify numerous vulnerabilities, including critical ones. Moreover, the developers have shown a keen interest in employing this framework in their future projects.


Authors

Clarisse Feio, INOV / INESC-ID / IST, Lisbon, Portugal

Nuno Santos, INESC-ID / IST, Lisbon, Portugal

Nelson Escravana, INOV, Lisbon, Portugal

Paper information

Year of publication: 2024
Citations: 2
Countries of publication: Indonesia, Portugal
Site: IEEE