Abstract
DevSecOps is an emerging paradigm that breaks down the security team silo within the DevOps methodology and adds security practices to the Software Development Cycle (SDL). Security practices in the SDL are important to avoid data breaches and to guarantee compliance with the law, and they are an obligation when protecting customer data. This study aims to identify metrics that teams can use to measure the effectiveness of a DevSecOps implementation inside an organization. To that end, we performed a Multivocal Literature Review (MLR) in which we reviewed a selection of grey literature. Several metrics proposed by professionals to monitor DevSecOps were identified and listed.
© 2019 Springer Nature Switzerland AG
Cite this paper
Prates, L., Faustino, J., Silva, M., Pereira, R. (2019). DevSecOps Metrics. In: Wrycza, S., Maślankowski, J. (eds) Information Systems: Research, Development, Applications, Education. SIGSAND/PLAIS 2019. Lecture Notes in Business Information Processing, vol 359. Springer, Cham. https://doi.org/10.1007/978-3-030-29608-7_7
DOI: https://doi.org/10.1007/978-3-030-29608-7_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29607-0
Online ISBN: 978-3-030-29608-7