Towards LowDevSecOps Framework for Low-Code Development: Integrating Process-Oriented Recommendations for Security Risk Management


Research field: Safety



Venue: MODELS Companion '24: Proceedings of the ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems


Abstract

The increasing demand for software solutions in the coming years will surpass the availability of IT talent, driving interest in citizen development and low-code approaches. However, the lack of technical insight among citizen developers poses potential security risks. This research aims to support businesses adopting citizen development by providing a framework that helps to proactively identify security risks by also linking them to specific actors and tools needed during the system design and development process to mitigate those risks. Additionally, this framework helps to address knowledge gaps by outlining actionable steps to ensure secure low-code development practices. The research aims to answer the question: "How can contextual information be modeled in low-code platforms to proactively identify and address security-related issues, acting as a virtual mentor for citizen / low-code developers?". To answer this question, our research conceptualizes security risks from established frameworks and operational security methodologies into a practical framework that allows mapping security risks to the context of low-code development. This framework serves as a foundational platform for designing and integrating active process-oriented guidance within low-code platforms using model-based automated prompts. This approach additionally aligns with DevSecOps principles that allows enhancing the capacity for low-code approach and citizen development in areas that currently may include manual coding and integrations.


Author Profile
Gayane Sedrakyan

Department High-Tech Business and Entrepreneurship / Section Industrial Engineering and Business Information Systems, University of Twente, Enschede, Netherlands

Andorra
Author Profile
Maria Eugenia Iacob

Department High-Tech Business and Entrepreneurship / Section Industrial Engineering and Business Information Systems, University of Twente, Enschede, Netherlands

Andorra
Author Profile
Jos van Hillegersberg

Department High-Tech Business and Entrepreneurship / Section Industrial Engineering and Business Information Systems, University of Twente, Enschede, Netherlands

Andorra

📄 Paper information

Publication year 2024
Citations 0
Country of publication Andorra
Site ACM
